Vulnerabilities > CVE-2013-0242 - Buffer Errors vulnerability in GNU Glibc 2.17

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
gnu
CWE-119
nessus

Summary

Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.

Vulnerable Configurations

Part Description Count
Application
Gnu
1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2015-0024.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Switch to use malloc when the input line is too long [Orabug 19951108] - Use a /sys/devices/system/cpu/online for _SC_NPROCESSORS_ONLN implementation [Orabug 17642251] (Joe Jin) - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183532). - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Fix patch for integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Fix return code when starting an already started nscd daemon (#979413). - Fix getnameinfo for many PTR record queries (#1020486). - Return EINVAL error for negative sizees to getgroups (#995207). - Fix integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Add support for newer L3 caches on x86-64 and correctly count the number of hardware threads sharing a cacheline (#1003420). - Revert incomplete fix for bug #758193. - Fix _nl_find_msg malloc failure case, and callers (#957089). - Test on init_fct, not result->__init_fct, after demangling (#816647). - Don
    last seen2020-06-01
    modified2020-06-02
    plugin id81119
    published2015-02-02
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81119
    titleOracleVM 2.2 : glibc (OVMSA-2015-0024) (GHOST)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2015-0024.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(81119);
      script_version("1.18");
      script_cvs_date("Date: 2019/09/27 13:00:34");
    
      script_cve_id("CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4332", "CVE-2014-0475", "CVE-2014-5119", "CVE-2015-0235");
      script_bugtraq_id(57638, 58839, 62324, 68505, 68983, 69738, 72325);
    
      script_name(english:"OracleVM 2.2 : glibc (OVMSA-2015-0024) (GHOST)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates :
    
      - Switch to use malloc when the input line is too long
        [Orabug 19951108]
    
      - Use a /sys/devices/system/cpu/online for
        _SC_NPROCESSORS_ONLN implementation [Orabug 17642251]
        (Joe Jin)
    
      - Fix parsing of numeric hosts in gethostbyname_r
        (CVE-2015-0235, #1183532).
    
      - Remove gconv transliteration loadable modules support
        (CVE-2014-5119, - _nl_find_locale: Improve handling of
        crafted locale names (CVE-2014-0475, 
    
      - Fix patch for integer overflows in *valloc and memalign.
        (CVE-2013-4332, #1011805).
    
      - Fix return code when starting an already started nscd
        daemon (#979413).
    
      - Fix getnameinfo for many PTR record queries (#1020486).
    
      - Return EINVAL error for negative sizees to getgroups
        (#995207).
    
      - Fix integer overflows in *valloc and memalign.
        (CVE-2013-4332, #1011805).
    
      - Add support for newer L3 caches on x86-64 and correctly
        count the number of hardware threads sharing a cacheline
        (#1003420).
    
      - Revert incomplete fix for bug #758193.
    
      - Fix _nl_find_msg malloc failure case, and callers
        (#957089).
    
      - Test on init_fct, not result->__init_fct, after
        demangling (#816647).
    
      - Don't handle ttl == 0 specially (#929035).
    
      - Fix multibyte character processing crash in regexp
        (CVE-2013-0242, #951132)
    
      - Fix getaddrinfo stack overflow resulting in application
        crash (CVE-2013-1914, #951132)
    
      - Add missing patch to avoid use after free (#816647)
    
      - Fix race in initgroups compat_call (#706571)
    
      - Fix return value from getaddrinfo when servers are down.
        (#758193)
    
      - Fix fseek on wide character streams. Sync's seeking code
        with RHEL 6 (#835828)
    
      - Call feraiseexcept only if exceptions are not masked
        (#861871).
    
      - Always demangle function before checking for NULL value.
        (#816647).
    
      - Do not fail in ttyname if /proc is not available
        (#851450).
    
      - Fix errno for various overflow situations in vfprintf.
        Add missing overflow checks. (#857387)
    
      - Handle failure of _nl_explode_name in all cases
        (#848481)
    
      - Define the default fuzz factor to 2 to make it easier to
        manipulate RHEL 5 RPMs on RHEL 6 and newer systems.
    
      - Fix race in intl/* testsuite (#849202)
    
      - Fix out of bounds array access in strto* exposed by
        847930 patch.
    
      - Really fix POWER4 strncmp crash (#766832).
    
      - Fix integer overflow leading to buffer overflow in
        strto* (#847930)
    
      - Fix race in msort/qsort (#843672)
    
      - Fix regression due to 797096 changes (#845952)
    
      - Do not use PT_IEEE_IP ptrace calls (#839572)
    
      - Update ULPs (#837852)
    
      - Fix various transcendentals in non-default rounding
        modes (#837852)
    
      - Fix unbound alloca in vfprintf (#826947)
    
      - Fix iconv segfault if the invalid multibyte character
        0xffff is input when converting from IBM930. (#823905)
    
      - Fix fnmatch when '*' wildcard is applied on a file name
        containing multibyte chars. (#819430)
    
      - Fix unbound allocas use in glob_in_dir, getaddrinfo and
        others. (#797096)
    
      - Fix segfault when running ld.so --verify on some DSO's
        in current working directory. (#808342)
    
      - Incorrect initialization order for dynamic loader
        (#813348)
    
      - Fix return code when stopping already stopped nscd
        daemon (#678227)
    
      - Remove MAP_32BIT for pthread stack mappings, use
        MAP_STACK instead (#641094)
    
      - Fix setuid vs sighandler_setxid race (#769852)
    
      - Fix access after end of search string in regex matcher
        (#757887)
    
      - Fix POWER4 strncmp crash (#766832)
    
      - Fix SC_*CACHE detection for X5670 cpus (#692182)
    
      - Fix parsing IPV6 entries in /etc/resolv.conf (#703239)
    
      - Fix double-free in nss_nis code (#500767)
    
      - Add kernel VDSO support for s390x (#795896)
    
      - Fix race in malloc arena creation and make
        implementation match documented behaviour (#800240)
    
      - Do not override TTL of CNAME with TTL of its alias
        (#808014)
    
      - Fix short month names in fi_FI locale #(657266).
    
      - Fix nscd crash for group with large number of members
        (#788989)
    
      - Fix Slovakia currency (#799853)
    
      - Fix getent malloc failure check (#806403)
    
      - Fix short month names in zh_CN locale (#657588)
    
      - Fix decimal point symbol for Portuguese currency
        (#710216)
    
      - Avoid integer overflow in sbrk (#767358)
    
      - Avoid race between [,__de]allocate_stack and
        __reclaim_stacks during fork (#738665)
    
      - Fix race between IO_flush_all_lockp & pthread_cancel
        (#751748)
    
      - Fix memory leak in NIS endgrent (#809325)
    
      - Allow getaddr to accept SCTP socket types in hints
        (#765710)
    
      - Fix errno handling in vfprintf (#794814)
    
      - Filter out <built-in> when building file lists
        (#784646).
    
      - Avoid 'nargs' integer overflow which could be used to
        bypass FORTIFY_SOURCE (#794814)
    
      - Fix currency_symbol for uk_UA (#639000)"
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2015-January/000261.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b908cf01"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected glibc / glibc-common / nscd packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:glibc-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:2.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/01/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/02");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "2\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 2.2", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS2.2", reference:"glibc-2.5-123.0.1.el5_11.1")) flag++;
    if (rpm_check(release:"OVS2.2", reference:"glibc-common-2.5-123.0.1.el5_11.1")) flag++;
    if (rpm_check(release:"OVS2.2", reference:"nscd-2.5-123.0.1.el5_11.1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / nscd");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-163.NASL
    descriptionMultiple vulnerabilities has been discovered and corrected in glibc : Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters (CVE-2013-0242). Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results (CVE-2013-1914). The updated packages have been patched to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id66342
    published2013-05-08
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66342
    titleMandriva Linux Security Advisory : glibc (MDVSA-2013:163)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2013:163. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66342);
      script_version("1.7");
      script_cvs_date("Date: 2019/08/02 13:32:55");
    
      script_cve_id("CVE-2013-0242", "CVE-2013-1914");
      script_bugtraq_id(57638, 58839);
      script_xref(name:"MDVSA", value:"2013:163");
    
      script_name(english:"Mandriva Linux Security Advisory : glibc (MDVSA-2013:163)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities has been discovered and corrected in glibc :
    
    Buffer overflow in the extend_buffers function in the regular
    expression matcher (posix/regexec.c) in glibc, possibly 2.17 and
    earlier, allows context-dependent attackers to cause a denial of
    service (memory corruption and crash) via crafted multibyte characters
    (CVE-2013-0242).
    
    Stack-based buffer overflow in the getaddrinfo function in
    sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17
    and earlier allows remote attackers to cause a denial of service
    (crash) via a (1) hostname or (2) IP address that triggers a large
    number of domain conversion results (CVE-2013-1914).
    
    The updated packages have been patched to correct these issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-doc-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-i18ndata");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-profile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/05/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"glibc-2.14.1-12.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"glibc-devel-2.14.1-12.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"glibc-doc-2.14.1-12.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"glibc-doc-pdf-2.14.1-12.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"glibc-i18ndata-2.14.1-12.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"glibc-profile-2.14.1-12.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"glibc-static-devel-2.14.1-12.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"glibc-utils-2.14.1-12.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"nscd-2.14.1-12.1.mbs1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1527.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes multiple security issues and one bug is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of
    last seen2020-06-01
    modified2020-06-02
    plugin id78979
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78979
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2013:1527)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:1527. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78979);
      script_version("1.13");
      script_cvs_date("Date: 2019/10/24 15:35:37");
    
      script_cve_id("CVE-2010-5107", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2892", "CVE-2013-4238", "CVE-2013-4344");
      script_bugtraq_id(58162, 61738, 62042, 62043, 62049, 62773);
      script_xref(name:"RHSA", value:"2013:1527");
    
      script_name(english:"RHEL 6 : rhev-hypervisor6 (RHSA-2013:1527)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated rhev-hypervisor6 package that fixes multiple security
    issues and one bug is now available.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The rhev-hypervisor6 package provides a Red Hat Enterprise
    Virtualization Hypervisor ISO disk image. The Red Hat Enterprise
    Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine
    (KVM) hypervisor. It includes everything necessary to run and manage
    virtual machines: a subset of the Red Hat Enterprise Linux operating
    environment and the Red Hat Enterprise Virtualization Agent.
    
    Note: Red Hat Enterprise Virtualization Hypervisor is only available
    for the Intel 64 and AMD64 architectures with virtualization
    extensions.
    
    Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization
    Hypervisor through the 3.2 Manager administration portal, the Host may
    appear with the status of 'Install Failed'. If this happens, place the
    host into maintenance mode, then activate it again to get the host
    back to an 'Up' state.
    
    A buffer overflow flaw was found in the way QEMU processed the SCSI
    'REPORT LUNS' command when more than 256 LUNs were specified for a
    single SCSI target. A privileged guest user could use this flaw to
    corrupt QEMU process memory on the host, which could potentially
    result in arbitrary code execution on the host with the privileges of
    the QEMU process. (CVE-2013-4344)
    
    Multiple flaws were found in the way Linux kernel handled HID (Human
    Interface Device) reports. An attacker with physical access to the
    system could use this flaw to crash the system or, potentially,
    escalate their privileges on the system. (CVE-2013-2888,
    CVE-2013-2889, CVE-2013-2892)
    
    A flaw was found in the way the Python SSL module handled X.509
    certificate fields that contain a NULL byte. An attacker could
    potentially exploit this flaw to conduct man-in-the-middle attacks to
    spoof SSL servers. Note that to exploit this issue, an attacker would
    need to obtain a carefully crafted certificate signed by an authority
    that the client trusts. (CVE-2013-4238)
    
    The default OpenSSH configuration made it easy for remote attackers to
    exhaust unauthorized connection slots and prevent other users from
    being able to log in to a system. This flaw has been addressed by
    enabling random early connection drops by setting MaxStartups to
    10:30:100 by default. For more information, refer to the
    sshd_config(5) man page. (CVE-2010-5107)
    
    The CVE-2013-4344 issue was discovered by Asias He of Red Hat.
    
    This updated package provides updated components that include fixes
    for various security issues. These issues have no security impact on
    Red Hat Enterprise Virtualization Hypervisor itself, however. The
    security fixes included in this update address the following CVE
    numbers :
    
    CVE-2012-0786 and CVE-2012-0787 (augeas issues)
    
    CVE-2013-1813 (busybox issue)
    
    CVE-2013-0221, CVE-2013-0222, and CVE-2013-0223 (coreutils issues)
    
    CVE-2012-4453 (dracut issue)
    
    CVE-2013-4332, CVE-2013-0242, and CVE-2013-1914 (glibc issues)
    
    CVE-2013-4387, CVE-2013-0343, CVE-2013-4345, CVE-2013-4591,
    CVE-2013-4592, CVE-2012-6542, CVE-2013-3231, CVE-2013-1929,
    CVE-2012-6545, CVE-2013-1928, CVE-2013-2164, CVE-2013-2234, and
    CVE-2013-2851 (kernel issues)
    
    CVE-2013-4242 (libgcrypt issue)
    
    CVE-2013-4419 (libguestfs issue)
    
    CVE-2013-1775, CVE-2013-2776, and CVE-2013-2777 (sudo issues)
    
    This update also fixes the following bug :
    
    * A previous version of the rhev-hypervisor6 package did not contain
    the latest vhostmd package, which provides a 'metrics communication
    channel' between a host and its hosted virtual machines, allowing
    limited introspection of host resource usage from within virtual
    machines. This has been fixed, and rhev-hypervisor6 now includes the
    latest vhostmd package. (BZ#1026703)
    
    This update also contains the fixes from the following errata :
    
    * ovirt-node: https://rhn.redhat.com/errata/RHBA-2013-1528.html
    
    Users of the Red Hat Enterprise Virtualization Hypervisor are advised
    to upgrade to this updated package, which corrects these issues."
      );
      # https://rhn.redhat.com/errata/RHBA-2013-1528.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHBA-2013:1528"
      );
      # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c6b506c4"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2013:1527"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-2888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-2892"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4344"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-5107"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-2889"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4238"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected rhev-hypervisor6 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2013:1527";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", reference:"rhev-hypervisor6-6.5-20131115.0.3.2.el6_5")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhev-hypervisor6");
      }
    }
    
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_1_BUILD_2323231_REMOTE.NASL
    descriptionThe remote VMware ESXi host is version 5.1 prior to build 2323231. It is, therefore, affected by the following vulnerabilities in the glibc library : - A buffer overflow flaw exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id80037
    published2014-12-15
    reporterThis script is (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80037
    titleESXi 5.1 < Build 2323231 glibc Library Multiple Vulnerabilities (remote check)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130424_GLIBC_ON_SL5_X.NASL
    descriptionIt was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914) A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) This update also fixes the following bugs : - The improvements made in a previous update to the accuracy of floating point functions in the math library caused performance regressions for those functions. The performance regressions were analyzed and a fix was applied that retains the current accuracy but reduces the performance penalty to acceptable levels. - It was possible that a memory location freed by the localization code could be accessed immediately after, resulting in a crash. The fix ensures that the application does not crash by avoiding the invalid memory access.
    last seen2020-03-18
    modified2013-04-26
    plugin id66227
    published2013-04-26
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66227
    titleScientific Linux Security Update : glibc on SL5.x i386/x86_64 (20130424)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201503-04.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201503-04 (GNU C Library: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details. Impact : A local attacker may be able to execute arbitrary code or cause a Denial of Service condition,. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id81689
    published2015-03-09
    reporterThis script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81689
    titleGLSA-201503-04 : GNU C Library: Multiple vulnerabilities (GHOST)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-0769.NASL
    descriptionFrom Red Hat Security Advisory 2013:0769 : Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914) A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) This update also fixes the following bugs : * The improvements RHSA-2012:1207 made to the accuracy of floating point functions in the math library caused performance regressions for those functions. The performance regressions were analyzed and a fix was applied that retains the current accuracy but reduces the performance penalty to acceptable levels. Refer to Red Hat Knowledge solution 229993, linked to in the References, for further information. (BZ#950535) * It was possible that a memory location freed by the localization code could be accessed immediately after, resulting in a crash. The fix ensures that the application does not crash by avoiding the invalid memory access. (BZ#951493) Users of glibc are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id68814
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68814
    titleOracle Linux 5 : glibc (ELSA-2013-0769)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-4174.NASL
    descriptionFix multibyte character processing crash in regexp (#922889, #905874, CVE-2013-0242) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-06-02
    plugin id66724
    published2013-06-02
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66724
    titleFedora 17 : glibc-2.15-59.fc17 (2013-4174)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1605.NASL
    descriptionUpdated glibc packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc
    last seen2020-06-01
    modified2020-06-02
    plugin id71009
    published2013-11-21
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71009
    titleRHEL 6 : glibc (RHSA-2013:1605)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-1605.NASL
    descriptionUpdated glibc packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc
    last seen2020-06-01
    modified2020-06-02
    plugin id79166
    published2014-11-12
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79166
    titleCentOS 6 : glibc (CESA-2013:1605)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20131121_GLIBC_ON_SL6_X.NASL
    descriptionMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc
    last seen2020-03-18
    modified2013-12-04
    plugin id71193
    published2013-12-04
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71193
    titleScientific Linux Security Update : glibc on SL6.x i386/x86_64 (20131121)
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_1_BUILD_2323236_REMOTE.NASL
    descriptionThe remote VMware ESXi host is version 5.1 prior to build 2323236. It is, therefore, affected by the following vulnerabilities in bundled third-party libraries : - Multiple vulnerabilities exist in the bundled Python library. (CVE-2011-3389, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150, CVE-2013-1752, CVE-2013-4238) - Multiple vulnerabilities exist in the bundled GNU C Library (glibc). (CVE-2013-0242, CVE-2013-1914, CVE-2013-4332) - Multiple vulnerabilities exist in the bundled XML Parser library (libxml2). (CVE-2013-2877, CVE-2014-0191) - Multiple vulnerabilities exist in the bundled cURL library (libcurl). (CVE-2014-0015, CVE-2014-0138)
    last seen2020-06-01
    modified2020-06-02
    plugin id79862
    published2014-12-12
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79862
    titleESXi 5.1 < Build 2323236 Third-Party Libraries Multiple Vulnerabilities (remote check) (BEAST)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2014-1128-1.NASL
    descriptionThis glibc update fixes a critical privilege escalation problem and the following security and non-security issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#882600: Copy filename argument in posix_spawn_file_actions_addopen. (CVE-2014-4043) - bnc#860501: Use O_LARGEFILE for utmp file. - bnc#842291: Fix typo in glibc-2.5-dlopen-lookup-race.diff. - bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332) - bnc#834594: Fix readdir_r with long file names. (CVE-2013-4237) - bnc#824639: Drop lock before calling malloc_printerr. - bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242) - bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412) - bnc#894556 / bnc#894553: Fix crashes on invalid input in IBM gconv modules. (CVE-2014-6040, CVE-2012-6656, bnc#894553, bnc#894556, BZ#17325, BZ#14134) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-05-20
    plugin id83638
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83638
    titleSUSE SLES10 Security Update : glibc (SUSE-SU-2014:1128-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2013-270.NASL
    descriptionMultiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc
    last seen2020-06-01
    modified2020-06-02
    plugin id71582
    published2013-12-23
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71582
    titleAmazon Linux AMI : glibc (ALAS-2013-270)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-4100.NASL
    descriptionFix multibyte character processing crash in regexp (CVE-2013-0242). Fix ownership of /usr/lib[64]/audit (#894307). Rename release engineering directory to `releng
    last seen2020-03-17
    modified2013-04-01
    plugin id65745
    published2013-04-01
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/65745
    titleFedora 18 : glibc-2.16-30.fc18 (2013-4100)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_GLIBC-130917.NASL
    descriptionThis update for glibc contains the following fixes : - Fix integer overflows in malloc. (CVE-2013-4332, bnc#839870) - Fix buffer overflow in glob. (bnc#691365) - Fix buffer overflow in strcoll. (CVE-2012-4412, bnc#779320) - Update mount flags in <sys/mount.h>. (bnc#791928) - Fix buffer overrun in regexp matcher. (CVE-2013-0242, bnc#801246) - Fix memory leaks in dlopen. (bnc#811979) - Fix stack overflow in getaddrinfo with many results. (CVE-2013-1914, bnc#813121) - Don
    last seen2020-06-05
    modified2013-12-10
    plugin id71308
    published2013-12-10
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71308
    titleSuSE 11.3 Security Update : glibc (SAT Patch Number 8337)
  • NASL familyMisc.
    NASL idVMWARE_ESXI_5_5_BUILD_2068190_REMOTE.NASL
    descriptionThe remote VMware ESXi host is version 5.5 prior to build 1980513. It is, therefore, affected by the following vulnerabilities in the glibc library : - A buffer overflow flaw exists in the
    last seen2020-06-01
    modified2020-06-02
    plugin id78108
    published2014-10-09
    reporterThis script is (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78108
    titleESXi 5.5 < Build 1980513 glibc Library Multiple Vulnerabilities (remote check)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-1605.NASL
    descriptionFrom Red Hat Security Advisory 2013:1605 : Updated glibc packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc
    last seen2020-06-01
    modified2020-06-02
    plugin id71106
    published2013-11-27
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71106
    titleOracle Linux 6 : glibc (ELSA-2013-1605)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2014-0008.NASL
    descriptiona. vCenter Server Apache Struts Update The Apache Struts library is updated to address a security issue. This issue may lead to remote code execution after authentication. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-0114 to this issue. b. vCenter Server tc-server 2.9.5 / Apache Tomcat 7.0.52 updates tc-server has been updated to version 2.9.5 to address multiple security issues. This version of tc-server includes Apache Tomcat 7.0.52. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2013-4590, CVE-2013-4322, and CVE-2014-0050 to these issues. c. Update to ESXi glibc package glibc is updated to address multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2013-0242 and CVE-2013-1914 to these issues. d. vCenter and Update Manager, Oracle JRE 1.7 Update 55 Oracle has documented the CVE identifiers that are addressed in JRE 1.7.0 update 55 in the Oracle Java SE Critical Patch Update Advisory of April 2014. The References section provides a link to this advisory.
    last seen2020-06-01
    modified2020-06-02
    plugin id77630
    published2014-09-11
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77630
    titleVMSA-2014-0008 : VMware vSphere product updates to third-party libraries
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-0769.NASL
    descriptionUpdated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914) A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) This update also fixes the following bugs : * The improvements RHSA-2012:1207 made to the accuracy of floating point functions in the math library caused performance regressions for those functions. The performance regressions were analyzed and a fix was applied that retains the current accuracy but reduces the performance penalty to acceptable levels. Refer to Red Hat Knowledge solution 229993, linked to in the References, for further information. (BZ#950535) * It was possible that a memory location freed by the localization code could be accessed immediately after, resulting in a crash. The fix ensures that the application does not crash by avoiding the invalid memory access. (BZ#951493) Users of glibc are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id66217
    published2013-04-26
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66217
    titleCentOS 5 : glibc (CESA-2013:0769)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-723.NASL
    descriptionThis update fixes the following issues in glibc : - CVE-2012-4412: glibc: buffer overflow in strcoll - CVE-2013-0242: glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters - CVE-2013-1914: glibc: stack overflow in getaddrinfo() sorting - CVE-2013-2207: glibc: pt_chown tricked into granting access to another users pseudo-terminal - CVE-2013-4237: glibc: Buffer overwrite - NAME_MAX not enforced by readdir_r() - bnc#805054: man 1 locale mentions non-existent file - bnc#813306: glibc 2.17 fprintf(stderr, ...) triggers write of undefined values if stderr is closed - bnc#819383: pldd a process multiple times can freeze the process - bnc#819524: nscd segfault - bnc#824046: glibc: blacklist code in bindresvport doesn
    last seen2020-06-05
    modified2014-06-13
    plugin id75154
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75154
    titleopenSUSE Security Update : glibc (openSUSE-SU-2013:1510-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-165.NASL
    descriptionSeveral vulnerabilities have been fixed in eglibc, Debian
    last seen2020-03-17
    modified2015-03-26
    plugin id82149
    published2015-03-26
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82149
    titleDebian DLA-165-1 : eglibc security update
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0769.NASL
    descriptionUpdated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914) A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) This update also fixes the following bugs : * The improvements RHSA-2012:1207 made to the accuracy of floating point functions in the math library caused performance regressions for those functions. The performance regressions were analyzed and a fix was applied that retains the current accuracy but reduces the performance penalty to acceptable levels. Refer to Red Hat Knowledge solution 229993, linked to in the References, for further information. (BZ#950535) * It was possible that a memory location freed by the localization code could be accessed immediately after, resulting in a crash. The fix ensures that the application does not crash by avoiding the invalid memory access. (BZ#951493) Users of glibc are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id66211
    published2013-04-25
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66211
    titleRHEL 5 : glibc (RHSA-2013:0769)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1991-1.NASL
    descriptionIt was discovered that the GNU C Library incorrectly handled the strcoll() function. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2012-4412, CVE-2012-4424) It was discovered that the GNU C Library incorrectly handled multibyte characters in the regular expression matcher. An attacker could use this issue to cause a denial of service. (CVE-2013-0242) It was discovered that the GNU C Library incorrectly handled large numbers of domain conversion results in the getaddrinfo() function. An attacker could use this issue to cause a denial of service. (CVE-2013-1914) It was discovered that the GNU C Library readdir_r() function incorrectly handled crafted NTFS or CIFS images. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2013-4237) It was discovered that the GNU C Library incorrectly handled memory allocation. An attacker could use this issue to cause a denial of service. (CVE-2013-4332). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id70538
    published2013-10-22
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/70538
    titleUbuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : eglibc vulnerabilities (USN-1991-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_GLIBC-130913.NASL
    descriptionThis update for glibc contains the following fixes : - Fix integer overflows in malloc. (CVE-2013-4332, bnc#839870) - Fix buffer overflow in glob. (bnc#691365) - Fix buffer overflow in strcoll. (CVE-2012-4412, bnc#779320) - Update mount flags in <sys/mount.h>. (bnc#791928) - Fix buffer overrun in regexp matcher. (CVE-2013-0242, bnc#801246) - Fix memory leaks in dlopen. (bnc#811979) - Fix stack overflow in getaddrinfo with many results. (CVE-2013-1914, bnc#813121) - Fix check for XEN build in glibc_post_upgrade that causes missing init re-exec. (bnc#818628) - Don
    last seen2020-06-05
    modified2013-12-10
    plugin id71307
    published2013-12-10
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71307
    titleSuSE 11.2 Security Update : glibc (SAT Patch Number 8335)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0012_GLIBC.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 5.04, has glibc packages installed that are affected by multiple vulnerabilities: - elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. (CVE-2010-3847) - ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. (CVE-2010-3856) - Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. (CVE-2012-4412) - Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. (CVE-2012-4424) - A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially- crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) - It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker- controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914, CVE-2013-4458) - pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. (CVE-2013-2207) - An out-of-bounds write flaw was found in the way the glibc
    last seen2020-06-01
    modified2020-06-02
    plugin id127161
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127161
    titleNewStart CGSL MAIN 5.04 : glibc Multiple Vulnerabilities (NS-SA-2019-0012)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2015-0023.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Switch to use malloc when the input line is too long [Orabug 19951108] - Use a /sys/devices/system/cpu/online for _SC_NPROCESSORS_ONLN implementation [Orabug 17642251] (Joe Jin) - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183532). - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Fix patch for integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Fix return code when starting an already started nscd daemon (#979413). - Fix getnameinfo for many PTR record queries (#1020486). - Return EINVAL error for negative sizees to getgroups (#995207). - Fix integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Add support for newer L3 caches on x86-64 and correctly count the number of hardware threads sharing a cacheline (#1003420). - Revert incomplete fix for bug #758193. - Fix _nl_find_msg malloc failure case, and callers (#957089). - Test on init_fct, not result->__init_fct, after demangling (#816647). - Don
    last seen2020-06-01
    modified2020-06-02
    plugin id81118
    published2015-02-02
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81118
    titleOracleVM 3.2 : glibc (OVMSA-2015-0023) (GHOST)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1551.NASL
    descriptionAccording to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.(CVE-2018-11236) - An integer overflow vulnerability was found in hcreate() and hcreate_r() functions which could result in an out-of-bounds memory access. This could lead to application crash or, potentially, arbitrary code execution.(CVE-2015-8778) - A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.(CVE-2015-7547) - A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash.(CVE-2013-0242) - A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult.(CVE-2017-1000366) - The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.(CVE-2017-12132) - It was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service.(CVE-2014-8121) - Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.(CVE-2016-3706) - In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.(CVE-2018-1000001) - Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.(CVE-2012-4424) - It was found that the dynamic loader did not sanitize the LD_POINTER_GUARD environment variable. An attacker could use this flaw to bypass the pointer guarding protection on set-user-ID or set-group-ID programs to execute arbitrary code with the permissions of the user running the application.(CVE-2015-8777) - The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.(CVE-2017-15804) - res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).(CVE-2015-5180) - pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.(CVE-2013-2207) - A stack overflow flaw was found in glibc
    last seen2020-03-17
    modified2019-05-14
    plugin id125004
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125004
    titleEulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1551)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2014-1122-1.NASL
    descriptionThis glibc update fixes a critical privilege escalation vulnerability and the following security and non-security issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#886416: Avoid redundant shift character in iconv output at block boundary. - bnc#883022: Initialize errcode in sysdeps/unix/opendir.c. - bnc#882600: Copy filename argument in posix_spawn_file_actions_addopen. (CVE-2014-4043) - bnc#864081: Take lock in pthread_cond_wait cleanup handler only when needed. - bnc#843735: Don
    last seen2020-06-05
    modified2015-05-20
    plugin id83637
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83637
    titleSUSE SLES11 Security Update : glibc (SUSE-SU-2014:1122-1)
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2014-0008_REMOTE.NASL
    descriptionThe remote ESXi host is affected by multiple denial of service vulnerabilities in the glibc library : - A buffer overflow condition exists in the extend_buffers() function in file posix/regexec.c due to improper validation of user-supplied input when handling multibyte characters in a regular expression. An unauthenticated, remote attacker can exploit this, via a crafted regular expression, to corrupt the memory, resulting in a denial of service. (CVE-2013-0242) - A stack-based buffer overflow condition exists in the getaddrinfo() function in file posix/getaddrinfo.c due to improper validation of user-supplied input during the handling of domain conversion results. An unauthenticated, remote attacker can exploit this to cause a denial of service by using a crafted host name or IP address that triggers a large number of domain conversion results. (CVE-2013-1914)
    last seen2020-06-01
    modified2020-06-02
    plugin id87679
    published2015-12-30
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/87679
    titleVMware ESXi Multiple DoS (VMSA-2014-0008)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2014-0017.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Don
    last seen2020-06-01
    modified2020-06-02
    plugin id79539
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79539
    titleOracleVM 3.3 : glibc (OVMSA-2014-0017)

Redhat

advisories
  • rhsa
    idRHSA-2013:0769
  • rhsa
    idRHSA-2013:1605
rpms
  • glibc-0:2.5-107.el5_9.4
  • glibc-common-0:2.5-107.el5_9.4
  • glibc-debuginfo-0:2.5-107.el5_9.4
  • glibc-debuginfo-common-0:2.5-107.el5_9.4
  • glibc-devel-0:2.5-107.el5_9.4
  • glibc-headers-0:2.5-107.el5_9.4
  • glibc-utils-0:2.5-107.el5_9.4
  • nscd-0:2.5-107.el5_9.4
  • glibc-0:2.12-1.132.el6
  • glibc-common-0:2.12-1.132.el6
  • glibc-debuginfo-0:2.12-1.132.el6
  • glibc-debuginfo-common-0:2.12-1.132.el6
  • glibc-devel-0:2.12-1.132.el6
  • glibc-headers-0:2.12-1.132.el6
  • glibc-static-0:2.12-1.132.el6
  • glibc-utils-0:2.12-1.132.el6
  • nscd-0:2.12-1.132.el6