CVE-2012-3480 - Numeric Errors vulnerability in GNU Glibc 2.16
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.
Common Weakness Enumeration (CWE)
Exploit-Db
description | GNU glibc Multiple Local Stack Buffer Overflow Vulnerabilities. CVE-2012-3480. Local exploit for linux platform |
id | EDB-ID:37631 |
last seen | 2016-02-04 |
modified | 2012-08-13 |
published | 2012-08-13 |
reporter | Joseph S. Myer |
source | https://www.exploit-db.com/download/37631/ |
title | GNU glibc Multiple Local Stack Buffer Overflow Vulnerabilities |
Nessus
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2012-11963.NASL |
description | - Fix integer overflow leading to buffer overflow in strto* (#847718) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-03-17 |
modified | 2012-09-18 |
plugin id | 62130 |
published | 2012-09-18 |
reporter | This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/62130 |
title | Fedora 18 : glibc-2.16-8.fc18 (2012-11963) |
code

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Fedora Security Advisory 2012-11963.
    #

    include("compat.inc");

    if (description)
    {
      script_id(62130);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

      script_cve_id("CVE-2012-3480");
      script_xref(name:"FEDORA", value:"2012-11963");

      script_name(english:"Fedora 18 : glibc-2.16-8.fc18 (2012-11963)");
      script_summary(english:"Checks rpm output for the updated package.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    " - Fix integer overflow leading to buffer overflow in strto* (#847718) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=847715"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2012-September/087344.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?86facb39"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected glibc package.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:glibc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18");

      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/18");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

    flag = 0;
    if (rpm_check(release:"FC18", reference:"glibc-2.16-8.fc18")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
    }

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2012-1208.NASL |
description | Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 61691 |
published | 2012-08-28 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/61691 |
title | RHEL 6 : glibc (RHSA-2012:1208) |
code

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2012:1208. The text
    # itself is copyright (C) Red Hat, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(61691);
      script_version ("1.18");
      script_cvs_date("Date: 2019/10/24 15:35:36");

      script_cve_id("CVE-2012-3480");
      script_xref(name:"RHSA", value:"2012:1208");

      script_name(english:"RHEL 6 : glibc (RHSA-2012:1208)");
      script_summary(english:"Checks the rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480) All users of glibc are advised to upgrade to these updated packages, which contain a backported patch to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2012:1208"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-3480"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.3");

      script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo))
    {
      rhsa = "RHSA-2012:1208";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port : 0,
          severity : SECURITY_WARNING,
          extra : yum_report
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", reference:"glibc-2.12-1.80.el6_3.5")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"glibc-common-2.12-1.80.el6_3.5")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"glibc-common-2.12-1.80.el6_3.5")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"glibc-common-2.12-1.80.el6_3.5")) flag++;
      if (rpm_check(release:"RHEL6", reference:"glibc-debuginfo-2.12-1.80.el6_3.5")) flag++;
      if (rpm_check(release:"RHEL6", reference:"glibc-debuginfo-common-2.12-1.80.el6_3.5")) flag++;
      if (rpm_check(release:"RHEL6", reference:"glibc-devel-2.12-1.80.el6_3.5")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"glibc-headers-2.12-1.80.el6_3.5")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"glibc-headers-2.12-1.80.el6_3.5")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"glibc-headers-2.12-1.80.el6_3.5")) flag++;
      if (rpm_check(release:"RHEL6", reference:"glibc-static-2.12-1.80.el6_3.5")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"glibc-utils-2.12-1.80.el6_3.5")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"glibc-utils-2.12-1.80.el6_3.5")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"glibc-utils-2.12-1.80.el6_3.5")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"nscd-2.12-1.80.el6_3.5")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"nscd-2.12-1.80.el6_3.5")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"nscd-2.12-1.80.el6_3.5")) flag++;

      if (flag)
      {
        security_report_v4(
          port : 0,
          severity : SECURITY_WARNING,
          extra : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc");
      }
    }

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-1589-2.NASL |
description | USN-1589-1 fixed vulnerabilities in the GNU C Library. One of the updates exposed a regression in the floating point parser. This update fixes the problem. We apologize for the inconvenience. It was discovered that positional arguments to the printf() family of functions were not handled properly in the GNU C Library. An attacker could possibly use this to cause a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406) It was discovered that multiple integer overflows existed in the strtod(), strtof() and strtold() functions in the GNU C Library. An attacker could possibly use this to trigger a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. (CVE-2012-3480). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63285 |
published | 2012-12-18 |
reporter | Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63285 |
title | Ubuntu 8.04 LTS : glibc regression (USN-1589-2) |
code

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1589-2. The text
    # itself is copyright (C) Canonical, Inc. See
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
    # trademark of Canonical, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(63285);
      script_version("1.14");
      script_cvs_date("Date: 2019/09/19 12:54:28");

      script_cve_id("CVE-2012-3404", "CVE-2012-3405", "CVE-2012-3406", "CVE-2012-3480");
      script_bugtraq_id(54982);
      script_xref(name:"USN", value:"1589-2");

      script_name(english:"Ubuntu 8.04 LTS : glibc regression (USN-1589-2)");
      script_summary(english:"Checks dpkg output for updated package.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "USN-1589-1 fixed vulnerabilities in the GNU C Library. One of the updates exposed a regression in the floating point parser. This update fixes the problem. We apologize for the inconvenience. It was discovered that positional arguments to the printf() family of functions were not handled properly in the GNU C Library. An attacker could possibly use this to cause a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406) It was discovered that multiple integer overflows existed in the strtod(), strtof() and strtold() functions in the GNU C Library. An attacker could possibly use this to trigger a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. (CVE-2012-3480). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1589-2/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected libc6 package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:ND");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");

      script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/12/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/12/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

      exit(0);
    }

    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");

    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(8\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

    flag = 0;
    if (ubuntu_check(osver:"8.04", pkgname:"libc6", pkgver:"2.7-10ubuntu8.3")) flag++;

    if (flag)
    {
      security_report_v4(
        port : 0,
        severity : SECURITY_WARNING,
        extra : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libc6");
    }

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2012-1207.NASL |
description | Updated glibc packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 61683 |
published | 2012-08-28 |
reporter | This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/61683 |
title | CentOS 5 : glibc (CESA-2012:1207) |
code

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2012:1207 and
    # CentOS Errata and Security Advisory 2012:1207 respectively.
    #

    include("compat.inc");

    if (description)
    {
      script_id(61683);
      script_version("1.10");
      script_cvs_date("Date: 2020/01/07");

      script_cve_id("CVE-2012-3480");
      script_bugtraq_id(54982);
      script_xref(name:"RHSA", value:"2012:1207");

      script_name(english:"CentOS 5 : glibc (CESA-2012:1207)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Updated glibc packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480) This update also fixes the following bug : * Previously, logic errors in various mathematical functions, including exp, exp2, expf, exp2f, pow, sin, tan, and rint, caused inconsistent results when the functions were used with the non-default rounding mode. This could also cause applications to crash in some cases. With this update, the functions now give correct results across the four different rounding modes. (BZ#839411) All users of glibc are advised to upgrade to these updated packages, which contain backported patches to correct these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2012-August/018826.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?acdfeeb2"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected glibc packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-3480");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");

      script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);

    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"glibc-2.5-81.el5_8.7")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"glibc-common-2.5-81.el5_8.7")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"glibc-devel-2.5-81.el5_8.7")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"glibc-headers-2.5-81.el5_8.7")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"glibc-utils-2.5-81.el5_8.7")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"nscd-2.5-81.el5_8.7")) flag++;

    if (flag)
    {
      security_report_v4(
        port : 0,
        severity : SECURITY_WARNING,
        extra : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc");
    }

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20120827_GLIBC_ON_SL5_X.NASL |
description | The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc |
last seen | 2020-03-18 |
modified | 2012-08-28 |
plugin id | 61692 |
published | 2012-08-28 |
reporter | This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/61692 |
title | Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20120827) |
code

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #

    include("compat.inc");

    if (description)
    {
      script_id(61692);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

      script_cve_id("CVE-2012-3480");

      script_name(english:"Scientific Linux Security Update : glibc on SL5.x i386/x86_64 (20120827)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Scientific Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480) This update also fixes the following bug : - Previously, logic errors in various mathematical functions, including exp, exp2, expf, exp2f, pow, sin, tan, and rint, caused inconsistent results when the functions were used with the non-default rounding mode. This could also cause applications to crash in some cases. With this update, the functions now give correct results across the four different rounding modes. All users of glibc are advised to upgrade to these updated packages, which contain backported patches to correct these issues."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1208&L=scientific-linux-errata&T=0&P=2838
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2cfb0d10"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nscd");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

      script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

    flag = 0;
    if (rpm_check(release:"SL5", reference:"glibc-2.5-81.el5_8.7")) flag++;
    if (rpm_check(release:"SL5", reference:"glibc-common-2.5-81.el5_8.7")) flag++;
    if (rpm_check(release:"SL5", reference:"glibc-devel-2.5-81.el5_8.7")) flag++;
    if (rpm_check(release:"SL5", reference:"glibc-headers-2.5-81.el5_8.7")) flag++;
    if (rpm_check(release:"SL5", reference:"glibc-utils-2.5-81.el5_8.7")) flag++;
    if (rpm_check(release:"SL5", reference:"nscd-2.5-81.el5_8.7")) flag++;

    if (flag)
    {
      security_report_v4(
        port : 0,
        severity : SECURITY_WARNING,
        extra : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-devel / glibc-headers / glibc-utils / etc");
    }

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201503-04.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201503-04 (GNU C Library: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details. Impact : A local attacker may be able to execute arbitrary code or cause a Denial of Service condition,. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 81689 |
published | 2015-03-09 |
reporter | This script is Copyright (C) 2015-2016 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/81689 |
title | GLSA-201503-04 : GNU C Library: Multiple vulnerabilities (GHOST) |
code |
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201503-04.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(81689);
  script_version("$Revision: 1.22 $");
  script_cvs_date("$Date: 2016/05/20 14:03:00 $");

  script_cve_id("CVE-2012-3404", "CVE-2012-3405", "CVE-2012-3406", "CVE-2012-3480", "CVE-2012-4412", "CVE-2012-4424", "CVE-2012-6656", "CVE-2013-0242", "CVE-2013-1914", "CVE-2013-2207", "CVE-2013-4237", "CVE-2013-4332", "CVE-2013-4458", "CVE-2013-4788", "CVE-2014-4043", "CVE-2015-0235");
  script_bugtraq_id(54374, 54982, 55462, 55543, 57638, 58839, 61183, 61729, 61960, 62324, 63299, 68006, 69470, 72325);
  script_xref(name:"GLSA", value:"201503-04");

  script_name(english:"GLSA-201503-04 : GNU C Library: Multiple vulnerabilities (GHOST)");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in GLSA-201503-04 (GNU C Library: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details. Impact : A local attacker may be able to execute arbitrary code or cause a Denial of Service condition,. Workaround : There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201503-04"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All glibc users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose '>=sys-libs/glibc-2.19-r1'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:glibc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/08");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"sys-libs/glibc", unaffected:make_list("ge 2.19-r1"), vulnerable:make_list("lt 2.19-r1"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GNU C Library");
}
NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2012-1208.NASL |
description | Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 61720 |
published | 2012-08-30 |
reporter | This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/61720 |
title | CentOS 6 : glibc (CESA-2012:1208) |
code |
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2012:1208 and
# CentOS Errata and Security Advisory 2012:1208 respectively.
#

include("compat.inc");

if (description)
{
  script_id(61720);
  script_version("1.11");
  script_cvs_date("Date: 2020/01/07");

  script_cve_id("CVE-2012-3480");
  script_xref(name:"RHSA", value:"2012:1208");

  script_name(english:"CentOS 6 : glibc (CESA-2012:1208)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480) All users of glibc are advised to upgrade to these updated packages, which contain a backported patch to correct these issues."
  );
  # https://lists.centos.org/pipermail/centos-announce/2012-August/018828.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?9be4e5d9"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected glibc packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-3480");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/08/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/30");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-6", reference:"glibc-2.12-1.80.el6_3.5")) flag++;
if (rpm_check(release:"CentOS-6", reference:"glibc-common-2.12-1.80.el6_3.5")) flag++;
if (rpm_check(release:"CentOS-6", reference:"glibc-devel-2.12-1.80.el6_3.5")) flag++;
if (rpm_check(release:"CentOS-6", reference:"glibc-headers-2.12-1.80.el6_3.5")) flag++;
if (rpm_check(release:"CentOS-6", reference:"glibc-static-2.12-1.80.el6_3.5")) flag++;
if (rpm_check(release:"CentOS-6", reference:"glibc-utils-2.12-1.80.el6_3.5")) flag++;
if (rpm_check(release:"CentOS-6", reference:"nscd-2.12-1.80.el6_3.5")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc");
}
NASL family | VMware ESX Local Security Checks |
NASL id | VMWARE_VMSA-2012-0018.NASL |
description | a. vCenter Server Appliance directory traversal The vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6324 to this issue. b. vCenter Server Appliance arbitrary file download The vCenter Server Appliance (vCSA) contains an XML parsing vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6325 to this issue. c. Update to ESX glibc package The ESX glibc package is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, CVE-2012-0864 CVE-2012-3404, CVE-2012-3405, CVE-2012-3406 and CVE-2012-3480 to these issues. d. vCenter Server and vCSA webservice logging denial of service The vCenter Server and vCenter Server Appliance (vCSA) both contain a vulnerability that allows unauthenticated remote users to create abnormally large log entries. Exploitation of this issue may allow an attacker to fill the system volume of the vCenter host or appliance VM and create a denial-of-service condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6326 to this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63332 |
published | 2012-12-24 |
reporter | This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/63332 |
title | VMSA-2012-0018 : VMware security updates for vCSA and ESXi |
code |
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory 2012-0018.
# The text itself is copyright (C) VMware Inc.
#

include("compat.inc");

if (description)
{
  script_id(63332);
  script_version("1.22");
  script_cvs_date("Date: 2018/08/06 14:03:16");

  script_cve_id("CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0830", "CVE-2011-1089", "CVE-2011-4609", "CVE-2012-0864", "CVE-2012-3404", "CVE-2012-3405", "CVE-2012-3406", "CVE-2012-3480", "CVE-2012-6324", "CVE-2012-6325", "CVE-2012-6326");
  script_bugtraq_id(40063, 46740, 50898, 51439, 52201, 54374, 54982, 57021, 57022, 58139);
  script_xref(name:"VMSA", value:"2012-0018");

  script_name(english:"VMSA-2012-0018 : VMware security updates for vCSA and ESXi");
  script_summary(english:"Checks esxupdate output for the patches");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote VMware ESXi host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"a. vCenter Server Appliance directory traversal The vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6324 to this issue. b. vCenter Server Appliance arbitrary file download The vCenter Server Appliance (vCSA) contains an XML parsing vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6325 to this issue. c. Update to ESX glibc package The ESX glibc package is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, CVE-2012-0864 CVE-2012-3404, CVE-2012-3405, CVE-2012-3406 and CVE-2012-3480 to these issues. d. vCenter Server and vCSA webservice logging denial of service The vCenter Server and vCenter Server Appliance (vCSA) both contain a vulnerability that allows unauthenticated remote users to create abnormally large log entries. Exploitation of this issue may allow an attacker to fill the system volume of the vCenter host or appliance VM and create a denial-of-service condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6326 to this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.vmware.com/pipermail/security-announce/2013/000212.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply the missing patches.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/12/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/12/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
  script_family(english:"VMware ESX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
  script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");

  exit(0);
}

include("audit.inc");
include("vmware_esx_packages.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
if (
  !get_kb_item("Host/VMware/esxcli_software_vibs") &&
  !get_kb_item("Host/VMware/esxupdate")
) audit(AUDIT_PACKAGE_LIST_MISSING);

init_esx_check(date:"2012-12-20");
flag = 0;

if (esx_check(ver:"ESXi 5.0", vib:"VMware:esx-base:5.0.0-1.25.912577")) flag++;
if (esx_check(ver:"ESXi 5.0", vib:"VMware:tools-light:5.0.0-1.25.912577")) flag++;
if (esx_check(ver:"ESXi 5.1", vib:"VMware:esx-base:5.1.0-0.11.1063671")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family | Slackware Local Security Checks |
NASL id | SLACKWARE_SSA_2012-244-01.NASL |
description | New glibc packages are available for Slackware 13.1, 13.37, and -current to fix security issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 61748 |
published | 2012-09-04 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/61748 |
title | Slackware 13.1 / 13.37 / current : glibc (SSA:2012-244-01) |
code |
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Slackware Security Advisory 2012-244-01. The text
# itself is copyright (C) Slackware Linux, Inc.
#

include("compat.inc");

if (description)
{
  script_id(61748);
  script_version("1.5");
  script_cvs_date("Date: 2019/01/02 16:37:55");

  script_cve_id("CVE-2012-3480");
  script_bugtraq_id(54982);
  script_xref(name:"SSA", value:"2012-244-01");

  script_name(english:"Slackware 13.1 / 13.37 / current : glibc (SSA:2012-244-01)");
  script_summary(english:"Checks for updated packages in /var/log/packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Slackware host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"New glibc packages are available for Slackware 13.1, 13.37, and -current to fix security issues."
  );
  # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.782382
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?54b73d28"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc-i18n");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc-profile");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc-solibs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc-zoneinfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.37");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/08/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Slackware Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("slackware.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);

flag = 0;
if (slackware_check(osver:"13.1", pkgname:"glibc", pkgver:"2.11.1", pkgarch:"i486", pkgnum:"7_slack13.1")) flag++;
if (slackware_check(osver:"13.1", pkgname:"glibc-i18n", pkgver:"2.11.1", pkgarch:"i486", pkgnum:"7_slack13.1")) flag++;
if (slackware_check(osver:"13.1", pkgname:"glibc-profile", pkgver:"2.11.1", pkgarch:"i486", pkgnum:"7_slack13.1")) flag++;
if (slackware_check(osver:"13.1", pkgname:"glibc-solibs", pkgver:"2.11.1", pkgarch:"i486", pkgnum:"7_slack13.1")) flag++;
if (slackware_check(osver:"13.1", pkgname:"glibc-zoneinfo", pkgver:"2.11.1", pkgarch:"noarch", pkgnum:"7_slack13.1")) flag++;
if (slackware_check(osver:"13.1", arch:"x86_64", pkgname:"glibc", pkgver:"2.11.1", pkgarch:"x86_64", pkgnum:"7_slack13.1")) flag++;
if (slackware_check(osver:"13.1", arch:"x86_64", pkgname:"glibc-i18n", pkgver:"2.11.1", pkgarch:"x86_64", pkgnum:"7_slack13.1")) flag++;
if (slackware_check(osver:"13.1", arch:"x86_64", pkgname:"glibc-profile", pkgver:"2.11.1", pkgarch:"x86_64", pkgnum:"7_slack13.1")) flag++;
if (slackware_check(osver:"13.1", arch:"x86_64", pkgname:"glibc-solibs", pkgver:"2.11.1", pkgarch:"x86_64", pkgnum:"7_slack13.1")) flag++;
if (slackware_check(osver:"13.1", arch:"x86_64", pkgname:"glibc-zoneinfo", pkgver:"2.11.1", pkgarch:"noarch", pkgnum:"7_slack13.1")) flag++;

if (slackware_check(osver:"13.37", pkgname:"glibc", pkgver:"2.13", pkgarch:"i486", pkgnum:"6_slack13.37")) flag++;
if (slackware_check(osver:"13.37", pkgname:"glibc-i18n", pkgver:"2.13", pkgarch:"i486", pkgnum:"6_slack13.37")) flag++;
if (slackware_check(osver:"13.37", pkgname:"glibc-profile", pkgver:"2.13", pkgarch:"i486", pkgnum:"6_slack13.37")) flag++;
if (slackware_check(osver:"13.37", pkgname:"glibc-solibs", pkgver:"2.13", pkgarch:"i486", pkgnum:"6_slack13.37")) flag++;
if (slackware_check(osver:"13.37", pkgname:"glibc-zoneinfo", pkgver:"2.13", pkgarch:"noarch", pkgnum:"6_slack13.37")) flag++;
if (slackware_check(osver:"13.37", arch:"x86_64", pkgname:"glibc", pkgver:"2.13", pkgarch:"x86_64", pkgnum:"6_slack13.37")) flag++;
if (slackware_check(osver:"13.37", arch:"x86_64", pkgname:"glibc-i18n", pkgver:"2.13", pkgarch:"x86_64", pkgnum:"6_slack13.37")) flag++;
if (slackware_check(osver:"13.37", arch:"x86_64", pkgname:"glibc-profile", pkgver:"2.13", pkgarch:"x86_64", pkgnum:"6_slack13.37")) flag++;
if (slackware_check(osver:"13.37", arch:"x86_64", pkgname:"glibc-solibs", pkgver:"2.13", pkgarch:"x86_64", pkgnum:"6_slack13.37")) flag++;
if (slackware_check(osver:"13.37", arch:"x86_64", pkgname:"glibc-zoneinfo", pkgver:"2.13", pkgarch:"noarch", pkgnum:"6_slack13.37")) flag++;

if (slackware_check(osver:"current", pkgname:"glibc", pkgver:"2.15", pkgarch:"i486", pkgnum:"6")) flag++;
if (slackware_check(osver:"current", pkgname:"glibc-i18n", pkgver:"2.15", pkgarch:"i486", pkgnum:"6")) flag++;
if (slackware_check(osver:"current", pkgname:"glibc-profile", pkgver:"2.15", pkgarch:"i486", pkgnum:"6")) flag++;
if (slackware_check(osver:"current", pkgname:"glibc-solibs", pkgver:"2.15", pkgarch:"i486", pkgnum:"6")) flag++;
if (slackware_check(osver:"current", pkgname:"glibc-zoneinfo", pkgver:"2012e_2012e", pkgarch:"noarch", pkgnum:"6")) flag++;
if (slackware_check(osver:"current", arch:"x86_64", pkgname:"glibc", pkgver:"2.15", pkgarch:"x86_64", pkgnum:"6")) flag++;
if (slackware_check(osver:"current", arch:"x86_64", pkgname:"glibc-i18n", pkgver:"2.15", pkgarch:"x86_64", pkgnum:"6")) flag++;
if (slackware_check(osver:"current", arch:"x86_64", pkgname:"glibc-profile", pkgver:"2.15", pkgarch:"x86_64", pkgnum:"6")) flag++;
if (slackware_check(osver:"current", arch:"x86_64", pkgname:"glibc-solibs", pkgver:"2.15", pkgarch:"x86_64", pkgnum:"6")) flag++;
if (slackware_check(osver:"current", arch:"x86_64", pkgname:"glibc-zoneinfo", pkgver:"2012e_2012e", pkgarch:"noarch", pkgnum:"6")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2012-1208.NASL |
description | From Red Hat Security Advisory 2012:1208 : Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 68606 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/68606 |
title | Oracle Linux 6 : glibc (ELSA-2012-1208) |
code |
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2012:1208 and
# Oracle Linux Security Advisory ELSA-2012-1208 respectively.
#

include("compat.inc");

if (description)
{
  script_id(68606);
  script_version("1.7");
  script_cvs_date("Date: 2019/09/30 10:58:17");

  script_cve_id("CVE-2012-3480");
  script_xref(name:"RHSA", value:"2012:1208");

  script_name(english:"Oracle Linux 6 : glibc (ELSA-2012-1208)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"From Red Hat Security Advisory 2012:1208 : Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480) All users of glibc are advised to upgrade to these updated packages, which contain a backported patch to correct these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2012-August/002995.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected glibc packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/08/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL6", reference:"glibc-2.12-1.80.el6_3.5")) flag++;
if (rpm_check(release:"EL6", reference:"glibc-common-2.12-1.80.el6_3.5")) flag++;
if (rpm_check(release:"EL6", reference:"glibc-devel-2.12-1.80.el6_3.5")) flag++;
if (rpm_check(release:"EL6", reference:"glibc-headers-2.12-1.80.el6_3.5")) flag++;
if (rpm_check(release:"EL6", reference:"glibc-static-2.12-1.80.el6_3.5")) flag++;
if (rpm_check(release:"EL6", reference:"glibc-utils-2.12-1.80.el6_3.5")) flag++;
if (rpm_check(release:"EL6", reference:"nscd-2.12-1.80.el6_3.5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc");
}
NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2012-1325.NASL |
description | An updated rhev-hypervisor6 package that fixes multiple security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. (CVE-2012-3515) This flaw did not affect the default use of Red Hat Enterprise Virtualization Hypervisor: it is not possible to add a device that uses a virtual console back-end via Red Hat Enterprise Virtualization Manager. To specify a virtual console back-end for a device and therefore be vulnerable to this issue, the device would have to be created another way, for example, by using a VDSM hook. Note that at this time hooks can only be used on Red Hat Enterprise Linux hosts, not Red Hat Enterprise Virtualization Hypervisor. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 78935 |
published | 2014-11-08 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/78935 |
title | RHEL 6 : rhev-hypervisor6 (RHSA-2012:1325) |
code |

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2012:1325. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(78935);
  script_version("1.12");
  script_cvs_date("Date: 2019/10/24 15:35:36");

  script_cve_id("CVE-2012-3480", "CVE-2012-3515");
  script_bugtraq_id(54982, 55413);
  script_xref(name:"RHSA", value:"2012:1325");

  script_name(english:"RHEL 6 : rhev-hypervisor6 (RHSA-2012:1325)");
  script_summary(english:"Checks the rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An updated rhev-hypervisor6 package that fixes multiple security issues and one bug is now available.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.

A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. (CVE-2012-3515)

This flaw did not affect the default use of Red Hat Enterprise Virtualization Hypervisor: it is not possible to add a device that uses a virtual console back-end via Red Hat Enterprise Virtualization Manager.

To specify a virtual console back-end for a device and therefore be vulnerable to this issue, the device would have to be created another way, for example, by using a VDSM hook. Note that at this time hooks can only be used on Red Hat Enterprise Linux hosts, not Red Hat Enterprise Virtualization Hypervisor.

Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480)

Red Hat would like to thank the Xen project for reporting the CVE-2012-3515 issue.

This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers :

CVE-2012-4244 (bind issue)

CVE-2012-3524 (dbus issue)

CVE-2012-2313, CVE-2012-2384, CVE-2012-2390, CVE-2012-3430, and CVE-2012-3552 (kernel issues)

CVE-2012-3445 (libvirt issue)

CVE-2011-3102 and CVE-2012-2807 (libxml2 issues)

CVE-2011-1202, CVE-2011-3970, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, and CVE-2012-2893 (libxslt issues)

This updated Red Hat Enterprise Virtualization Hypervisor package also fixes the following bug :

* Previously, the Manager listed all installed Hypervisor ISO images as available even when they did not support the VDSM compatibility version required by the selected host. The rhev-hypervisor6 package now maintains a text file for each installed ISO image. The file lists the VDSM compatibility versions supported by the relevant ISO image. The Manager uses this information to ensure that only those Hypervisor ISO images that are relevant to the selected host are listed. (BZ#856827)

Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues."
  );
  # https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/5/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?2be17ee0"
  );
  # https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b5caa05f"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2012:1325"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2012-3480"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2012-3515"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected rhev-hypervisor6 package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/10/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2012:1325";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port : 0,
      severity : SECURITY_HOLE,
      extra : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL6", reference:"rhev-hypervisor6-6.3-20120926.0.el6_3")) flag++;

  if (flag)
  {
    security_report_v4(
      port : 0,
      severity : SECURITY_HOLE,
      extra : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhev-hypervisor6");
  }
}

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_GLIBC-121129.NASL |
description | This collective update for the GNU C library (glibc) provides the following fixes : - Fix strtod integer/buffer overflows. (bnc#775690, CVE-2012-3480) - Fix vfprintf handling of many format specifiers. (bnc#770891, CVE-2012-3404 / CVE-2012-3405 / CVE-2012-3406) - Fix pthread_cond_timedwait stack unwinding. (bnc#750741, bnc#777233) - Improve fix for dynamic library unloading. (bnc#783060) - Fix resolver when first query fails, but second one succeeds. (bnc#767266) |
last seen | 2020-06-05 |
modified | 2013-01-25 |
plugin id | 64150 |
published | 2013-01-25 |
reporter | This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/64150 |
title | SuSE 11.2 Security Update : glibc (SAT Patch Number 7110) |
code |

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if (description)
{
  script_id(64150);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2012-3404", "CVE-2012-3405", "CVE-2012-3406", "CVE-2012-3480");

  script_name(english:"SuSE 11.2 Security Update : glibc (SAT Patch Number 7110)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SuSE 11 host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This collective update for the GNU C library (glibc) provides the following fixes :

  - Fix strtod integer/buffer overflows. (bnc#775690, CVE-2012-3480)

  - Fix vfprintf handling of many format specifiers. (bnc#770891, CVE-2012-3404 / CVE-2012-3405 / CVE-2012-3406)

  - Fix pthread_cond_timedwait stack unwinding. (bnc#750741, bnc#777233)

  - Improve fix for dynamic library unloading. (bnc#783060)

  - Fix resolver when first query fails, but second one succeeds. (bnc#767266)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=750741"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=767266"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=770891"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=775690"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=777233"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=783060"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-3404.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-3405.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-3406.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-3480.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 7110.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-i18ndata");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-info");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-locale");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-profile");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/11/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2");

flag = 0;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"glibc-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"glibc-devel-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"glibc-i18ndata-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"glibc-locale-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"nscd-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i686", reference:"glibc-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"i686", reference:"glibc-devel-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"glibc-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"glibc-32bit-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"glibc-devel-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"glibc-devel-32bit-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"glibc-i18ndata-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"glibc-locale-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"glibc-locale-32bit-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"nscd-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"glibc-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"glibc-devel-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"glibc-html-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"glibc-i18ndata-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"glibc-info-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"glibc-locale-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"glibc-profile-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, reference:"nscd-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"glibc-32bit-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"glibc-devel-32bit-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"glibc-locale-32bit-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"glibc-profile-32bit-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"glibc-32bit-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"glibc-devel-32bit-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"glibc-locale-32bit-2.11.3-17.43.1")) flag++;
if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"glibc-profile-32bit-2.11.3-17.43.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2012-1207.NASL |
description | Updated glibc packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 61690 |
published | 2012-08-28 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/61690 |
title | RHEL 5 : glibc (RHSA-2012:1207) |
code |

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2012:1207. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(61690);
  script_version ("1.18");
  script_cvs_date("Date: 2019/10/24 15:35:36");

  script_cve_id("CVE-2012-3480");
  script_bugtraq_id(54982);
  script_xref(name:"RHSA", value:"2012:1207");

  script_name(english:"RHEL 5 : glibc (RHSA-2012:1207)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated glibc packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly.

Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480)

This update also fixes the following bug :

* Previously, logic errors in various mathematical functions, including exp, exp2, expf, exp2f, pow, sin, tan, and rint, caused inconsistent results when the functions were used with the non-default rounding mode. This could also cause applications to crash in some cases. With this update, the functions now give correct results across the four different rounding modes. (BZ#839411)

All users of glibc are advised to upgrade to these updated packages, which contain backported patches to correct these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2012:1207"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2012-3480"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/08/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/28");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2012:1207";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port : 0,
      severity : SECURITY_WARNING,
      extra : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL5", reference:"glibc-2.5-81.el5_8.7")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"glibc-common-2.5-81.el5_8.7")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"glibc-common-2.5-81.el5_8.7")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"glibc-common-2.5-81.el5_8.7")) flag++;
  if (rpm_check(release:"RHEL5", reference:"glibc-debuginfo-2.5-81.el5_8.7")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"glibc-debuginfo-common-2.5-81.el5_8.7")) flag++;
  if (rpm_check(release:"RHEL5", reference:"glibc-devel-2.5-81.el5_8.7")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"glibc-headers-2.5-81.el5_8.7")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"glibc-headers-2.5-81.el5_8.7")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"glibc-headers-2.5-81.el5_8.7")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"glibc-utils-2.5-81.el5_8.7")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"glibc-utils-2.5-81.el5_8.7")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"glibc-utils-2.5-81.el5_8.7")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"nscd-2.5-81.el5_8.7")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"nscd-2.5-81.el5_8.7")) flag++;
  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"nscd-2.5-81.el5_8.7")) flag++;

  if (flag)
  {
    security_report_v4(
      port : 0,
      severity : SECURITY_WARNING,
      extra : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc");
  }
}

NASL family | Amazon Linux Local Security Checks |
NASL id | ALA_ALAS-2012-120.NASL |
description | Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 69610 |
published | 2013-09-04 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/69610 |
title | Amazon Linux AMI : glibc (ALAS-2012-120) |
code |

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2012-120.
#

include("compat.inc");

if (description)
{
  script_id(69610);
  script_version("1.5");
  script_cvs_date("Date: 2018/04/18 15:09:34");

  script_cve_id("CVE-2012-3480");
  script_xref(name:"ALAS", value:"2012-120");
  script_xref(name:"RHSA", value:"2012:1208");

  script_name(english:"Amazon Linux AMI : glibc (ALAS-2012-120)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2012-120.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Run 'yum update glibc' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-debuginfo-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/09/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (rpm_check(release:"ALA", reference:"glibc-2.12-1.80.42.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"glibc-common-2.12-1.80.42.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"glibc-debuginfo-2.12-1.80.42.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"glibc-debuginfo-common-2.12-1.80.42.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"glibc-devel-2.12-1.80.42.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"glibc-headers-2.12-1.80.42.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"glibc-static-2.12-1.80.42.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"glibc-utils-2.12-1.80.42.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"nscd-2.12-1.80.42.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc");
}

NASL family | Misc. |
NASL id | VMWARE_ESXI_5_1_BUILD_1063671_REMOTE.NASL |
description | The remote VMware ESXi 5.1 host is affected by the following security vulnerabilities : - An integer overflow condition exists in the glibc library in the __tzfile_read() function that allows a denial of service or arbitrary code execution. (CVE-2009-5029) - An error exists in the glibc library related to modified loaders and |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 70886 |
published | 2013-11-13 |
reporter | This script is (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/70886 |
title | ESXi 5.1 < Build 1063671 Multiple Vulnerabilities (remote check) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2012-11927.NASL |
description | - Fix integer overflow leading to buffer overflow in strto* (#847718) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-03-17 |
modified | 2012-08-20 |
plugin id | 61584 |
published | 2012-08-20 |
reporter | This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/61584 |
title | Fedora 17 : glibc-2.15-56.fc17 (2012-11927) |

NASL family | Misc. |
NASL id | VMWARE_ESXI_5_0_BUILD_912577_REMOTE.NASL |
description | The remote VMware ESXi 5.0 host is affected by Multiple Vulnerabilities : - An integer overflow condition exists in the __tzfile_read() function in the glibc library. An unauthenticated, remote attacker can exploit this, via a crafted timezone (TZ) file, to cause a denial of service or the execution of arbitrary code. (CVE-2009-5029) - ldd in the glibc library is affected by a privilege escalation vulnerability due to the omission of certain LD_TRACE_LOADED_OBJECTS checks in a crafted executable file. Note that this vulnerability is disputed by the library vendor. (CVE-2009-5064) - A remote code execution vulnerability exists in the glibc library due to an integer signedness error in the elf_get_dynamic_info() function when the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 70885 |
published | 2013-11-13 |
reporter | This script is (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/70885 |
title | ESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2013-1251-1.NASL |
description | This collective update for the GNU C library (glibc) provides the following fixes and enhancements : Security issues fixed : - Fix stack overflow in getaddrinfo with many results. (bnc#813121, CVE-2013-1914) - Fix a different stack overflow in getaddrinfo with many results. (bnc#828637) - Fix array overflow in floating point parser [bnc#775690] (CVE-2012-3480) - Fix strtod integer/buffer overflows [bnc#775690] (CVE-2012-3480) - Add patches for fix overflows in vfprintf. [bnc #770891, CVE-2012-3405, CVE-2012-3406] - Fix buffer overflow in glob. (bnc#691365) (CVE-2010-4756) - Flush stream in addmntent, to catch errors like reached file size limits. [bnc #676178, CVE-2011-1089] Bugs fixed : - Fix locking in _IO_cleanup. (bnc#796982) - Fix resolver when first query fails, but seconds succeeds. [bnc #767266] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-05 |
modified | 2015-05-20 |
plugin id | 83594 |
published | 2015-05-20 |
reporter | This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/83594 |
title | SUSE SLES11 Security Update : glibc (SUSE-SU-2013:1251-1) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2012-11928.NASL |
description | - Fix integer overflow leading to buffer overflow in strto* (#847718) Avoid unbound alloca in vfprintf. (#841318) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-03-17 |
modified | 2012-08-28 |
plugin id | 61686 |
published | 2012-08-28 |
reporter | This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/61686 |
title | Fedora 16 : glibc-2.14.90-24.fc16.9 (2012-11928) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-1589-1.NASL |
description | It was discovered that positional arguments to the printf() family of functions were not handled properly in the GNU C Library. An attacker could possibly use this to cause a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406) It was discovered that multiple integer overflows existed in the strtod(), strtof() and strtold() functions in the GNU C Library. An attacker could possibly use this to trigger a stack-based buffer overflow, creating a denial of service or possibly execute arbitrary code. (CVE-2012-3480). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 62388 |
published | 2012-10-02 |
reporter | Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/62388 |
title | Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : eglibc, glibc vulnerabilities (USN-1589-1) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2012-1667-1.NASL |
description | This update for GNU C library (glibc) fixes multiple integer overflows in strtod and related functions. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-05 |
modified | 2015-05-20 |
plugin id | 83570 |
published | 2015-05-20 |
reporter | This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/83570 |
title | SUSE SLED10 / SLES10 Security Update : glibc (SUSE-SU-2012:1667-1) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2013-1287-1.NASL |
description | This collective update for the GNU C library (glibc) provides the following fixes and enhancements : Security issues fixed : - Fix stack overflow in getaddrinfo with many results. (bnc#813121, CVE-2013-1914) - Fixed another stack overflow in getaddrinfo with many results (bnc#828637) - Fix buffer overflow in glob. (bnc#691365) (CVE-2010-4756) - Fix array overflow in floating point parser [bnc#775690] (CVE-2012-3480) - Fix strtod integer/buffer overflows [bnc#775690] (CVE-2012-3480) Make addmntent return errors also for cached streams. [bnc #676178, CVE-2011-1089] - Fix overflows in vfprintf. [bnc #770891, CVE 2012-3406] - Add vfprintf-nargs.diff for possible format string overflow. [bnc #747768, CVE-2012-0864] - Check values from file header in __tzfile_read. [bnc #735850, CVE-2009-5029] Also several bugs were fixed : - Fix locking in _IO_cleanup. (bnc#796982) - Fix memory leak in execve. (bnc#805899) Fix nscd timestamps in logging (bnc#783196) - Fix perl script error message (bnc#774467) - Fall back to localhost if no nameserver defined (bnc#818630) - Fix incomplete results from nscd. [bnc #753756] - Fix a deadlock in dlsym in case the symbol isn |
last seen | 2020-06-05 |
modified | 2015-05-20 |
plugin id | 83597 |
published | 2015-05-20 |
reporter | This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/83597 |
title | SUSE SLES10 Security Update : glibc (SUSE-SU-2013:1287-1) |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2012-1207.NASL |
description | From Red Hat Security Advisory 2012:1207 : Updated glibc packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 68605 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/68605 |
title | Oracle Linux 5 : glibc (ELSA-2012-1207) |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20120827_GLIBC_ON_SL6_X.NASL |
description | The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc |
last seen | 2020-03-18 |
modified | 2012-08-28 |
plugin id | 61693 |
published | 2012-08-28 |
reporter | This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/61693 |
title | Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20120827) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DLA-165.NASL |
description | Several vulnerabilities have been fixed in eglibc, Debian |
last seen | 2020-03-17 |
modified | 2015-03-26 |
plugin id | 82149 |
published | 2015-03-26 |
reporter | This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/82149 |
title | Debian DLA-165-1 : eglibc security update |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2012-1262.NASL |
description | An updated rhev-hypervisor5 package that fixes multiple security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to write to a character device that is emulated on the host using a virtual console back-end could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host. (CVE-2012-3515) Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 78933 |
published | 2014-11-08 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/78933 |
title | RHEL 5 : rhev-hypervisor5 (RHSA-2012:1262) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_GLIBC-8387.NASL |
description | This update for GNU C library (glibc) fixes multiple integer overflows in strtod and related functions. |
last seen | 2020-06-05 |
modified | 2012-12-19 |
plugin id | 63295 |
published | 2012-12-19 |
reporter | This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63295 |
title | SuSE 10 Security Update : glibc (ZYPP Patch Number 8387) |

References
- http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085190.html
- http://sourceware.org/ml/libc-alpha/2012-08/msg00202.html
- http://secunia.com/advisories/50201
- http://www.securityfocus.com/bid/54982
- http://www.openwall.com/lists/oss-security/2012/08/13/4
- http://sourceware.org/bugzilla/show_bug.cgi?id=14459
- http://osvdb.org/84710
- http://www.openwall.com/lists/oss-security/2012/08/13/6
- http://rhn.redhat.com/errata/RHSA-2012-1208.html
- http://rhn.redhat.com/errata/RHSA-2012-1207.html
- http://rhn.redhat.com/errata/RHSA-2012-1325.html
- http://rhn.redhat.com/errata/RHSA-2012-1262.html
- http://secunia.com/advisories/50422
- http://www.securitytracker.com/id?1027374
- http://www.ubuntu.com/usn/USN-1589-1
- https://security.gentoo.org/glsa/201503-04