Vulnerabilities > CVE-2013-4237 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in GNU Glibc
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
- Client-side Injection-induced Buffer Overflow This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
Nessus
NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2014-0033.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Switch gettimeofday from INTUSE to libc_hidden_proto (#1099025). - Fix stack overflow due to large AF_INET6 requests (CVE-2013-4458, #1111460). - Fix buffer overflow in readdir_r (CVE-2013-4237, #1111460). - Fix memory order when reading libgcc handle (#905941). - Fix format specifier in malloc_info output (#1027261). - Fix nscd lookup for innetgr when netgroup has wildcards (#1054846). - Add mmap usage to malloc_info output (#1027261). - Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (#1087833). - [ppc] Add VDSO IFUNC for gettimeofday (#1028285). - [ppc] Fix ftime gettimeofday internal call returning bogus data (#1099025). - Also relocate in dependency order when doing symbol dependency testing (#1019916). - Fix infinite loop in nscd when netgroup is empty (#1085273). - Provide correct buffer length to netgroup queries in nscd (#1074342). - Return NULL for wildcard values in getnetgrent from nscd (#1085289). - Avoid overlapping addresses to stpcpy calls in nscd (#1082379). - Initialize all of datahead structure in nscd (#1074353). - Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1044628). - Do not fail if one of the two responses to AF_UNSPEC fails (#845218). - nscd: Make SELinux checks dynamic (#1025933). - Fix race in free of fastbin chunk (#1027101). - Fix copy relocations handling of unique objects (#1032628). - Fix encoding name for IDN in getaddrinfo (#981942). - Fix return code from getent netgroup when the netgroup is not found (#1039988). - Fix handling of static TLS in dlopen last seen 2020-06-01 modified 2020-06-02 plugin id 79548 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79548 title OracleVM 3.3 : glibc (OVMSA-2014-0033) code # # (C) Tenable Network Security, Inc. # # The package checks in this plugin were extracted from OracleVM # Security Advisory OVMSA-2014-0033. # include("compat.inc"); if (description) { script_id(79548); script_version("1.8"); script_cvs_date("Date: 2019/09/27 13:00:34"); script_cve_id("CVE-2013-4237", "CVE-2013-4458", "CVE-2014-0475", "CVE-2014-5119"); script_bugtraq_id(61729, 63299, 68505, 68983, 69738); script_name(english:"OracleVM 3.3 : glibc (OVMSA-2014-0033)"); script_summary(english:"Checks the RPM output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote OracleVM host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote OracleVM system is missing necessary patches to address critical security updates : - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Switch gettimeofday from INTUSE to libc_hidden_proto (#1099025). - Fix stack overflow due to large AF_INET6 requests (CVE-2013-4458, #1111460). - Fix buffer overflow in readdir_r (CVE-2013-4237, #1111460). - Fix memory order when reading libgcc handle (#905941). - Fix format specifier in malloc_info output (#1027261). - Fix nscd lookup for innetgr when netgroup has wildcards (#1054846). - Add mmap usage to malloc_info output (#1027261). - Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (#1087833). - [ppc] Add VDSO IFUNC for gettimeofday (#1028285). - [ppc] Fix ftime gettimeofday internal call returning bogus data (#1099025). - Also relocate in dependency order when doing symbol dependency testing (#1019916). - Fix infinite loop in nscd when netgroup is empty (#1085273). - Provide correct buffer length to netgroup queries in nscd (#1074342). - Return NULL for wildcard values in getnetgrent from nscd (#1085289). - Avoid overlapping addresses to stpcpy calls in nscd (#1082379). - Initialize all of datahead structure in nscd (#1074353). - Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1044628). - Do not fail if one of the two responses to AF_UNSPEC fails (#845218). - nscd: Make SELinux checks dynamic (#1025933). - Fix race in free of fastbin chunk (#1027101). - Fix copy relocations handling of unique objects (#1032628). - Fix encoding name for IDN in getaddrinfo (#981942). - Fix return code from getent netgroup when the netgroup is not found (#1039988). - Fix handling of static TLS in dlopen'ed objects (#995972). - Don't use alloca in addgetnetgrentX (#1043557). - Adjust pointers to triplets in netgroup query data (#1043557)." ); # https://oss.oracle.com/pipermail/oraclevm-errata/2014-November/000229.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?bed5f80b" ); script_set_attribute( attribute:"solution", value:"Update the affected glibc / glibc-common / nscd packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:glibc-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:nscd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/09"); script_set_attribute(attribute:"patch_publication_date", value:"2014/11/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"OracleVM Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/OracleVM/release"); if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM"); if (! preg(pattern:"^OVS" + "3\.3" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3", "OracleVM " + release); if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"OVS3.3", reference:"glibc-2.12-1.149.el6")) flag++; if (rpm_check(release:"OVS3.3", reference:"glibc-common-2.12-1.149.el6")) flag++; if (rpm_check(release:"OVS3.3", reference:"nscd-2.12-1.149.el6")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / nscd"); }NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-1391.NASL description From Red Hat Security Advisory 2014:1391 : Updated glibc packages that fix two security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds write flaw was found in the way the glibc last seen 2020-06-01 modified 2020-06-02 plugin id 78524 published 2014-10-17 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78524 title Oracle Linux 6 : glibc (ELSA-2014-1391) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2014:1391 and # Oracle Linux Security Advisory ELSA-2014-1391 respectively. # include("compat.inc"); if (description) { script_id(78524); script_version("1.11"); script_cvs_date("Date: 2019/09/30 10:58:19"); script_cve_id("CVE-2013-4237", "CVE-2013-4458"); script_bugtraq_id(61729, 63299, 68505, 68983); script_xref(name:"RHSA", value:"2014:1391"); script_name(english:"Oracle Linux 6 : glibc (ELSA-2014-1391)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2014:1391 : Updated glibc packages that fix two security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds write flaw was found in the way the glibc's readdir_r() function handled file system entries longer than the NAME_MAX character constant. A remote attacker could provide a specially crafted NTFS or CIFS file system that, when processed by an application using readdir_r(), would cause that application to crash or, potentially, allow the attacker to execute arbitrary code with the privileges of the user running the application. (CVE-2013-4237) It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-4458) These updated glibc packages also include several bug fixes and two enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes. All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2014-October/004526.html" ); script_set_attribute( attribute:"solution", value:"Update the affected glibc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nscd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/09"); script_set_attribute(attribute:"patch_publication_date", value:"2014/10/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL6", reference:"glibc-2.12-1.149.el6")) flag++; if (rpm_check(release:"EL6", reference:"glibc-common-2.12-1.149.el6")) flag++; if (rpm_check(release:"EL6", reference:"glibc-devel-2.12-1.149.el6")) flag++; if (rpm_check(release:"EL6", reference:"glibc-headers-2.12-1.149.el6")) flag++; if (rpm_check(release:"EL6", reference:"glibc-static-2.12-1.149.el6")) flag++; if (rpm_check(release:"EL6", reference:"glibc-utils-2.12-1.149.el6")) flag++; if (rpm_check(release:"EL6", reference:"nscd-2.12-1.149.el6")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201503-04.NASL description The remote host is affected by the vulnerability described in GLSA-201503-04 (GNU C Library: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details. Impact : A local attacker may be able to execute arbitrary code or cause a Denial of Service condition,. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 81689 published 2015-03-09 reporter This script is Copyright (C) 2015-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81689 title GLSA-201503-04 : GNU C Library: Multiple vulnerabilities (GHOST) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201503-04. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(81689); script_version("$Revision: 1.22 $"); script_cvs_date("$Date: 2016/05/20 14:03:00 $"); script_cve_id("CVE-2012-3404", "CVE-2012-3405", "CVE-2012-3406", "CVE-2012-3480", "CVE-2012-4412", "CVE-2012-4424", "CVE-2012-6656", "CVE-2013-0242", "CVE-2013-1914", "CVE-2013-2207", "CVE-2013-4237", "CVE-2013-4332", "CVE-2013-4458", "CVE-2013-4788", "CVE-2014-4043", "CVE-2015-0235"); script_bugtraq_id(54374, 54982, 55462, 55543, 57638, 58839, 61183, 61729, 61960, 62324, 63299, 68006, 69470, 72325); script_xref(name:"GLSA", value:"201503-04"); script_name(english:"GLSA-201503-04 : GNU C Library: Multiple vulnerabilities (GHOST)"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201503-04 (GNU C Library: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details. Impact : A local attacker may be able to execute arbitrary code or cause a Denial of Service condition,. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201503-04" ); script_set_attribute( attribute:"solution", value: "All glibc users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=sys-libs/glibc-2.19-r1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:glibc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/08"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"sys-libs/glibc", unaffected:make_list("ge 2.19-r1"), vulnerable:make_list("lt 2.19-r1"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GNU C Library"); }NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2014-296-01.NASL description New glibc packages are available for Slackware 14.1 and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 78656 published 2014-10-24 reporter This script is Copyright (C) 2014-2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78656 title Slackware 14.1 / current : glibc (SSA:2014-296-01) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2014-296-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(78656); script_version("$Revision: 1.3 $"); script_cvs_date("$Date: 2015/01/28 19:00:57 $"); script_cve_id("CVE-2012-4412", "CVE-2012-4424", "CVE-2013-4237", "CVE-2013-4458", "CVE-2013-4788", "CVE-2014-0475", "CVE-2014-4043", "CVE-2014-5119", "CVE-2014-6040"); script_xref(name:"SSA", value:"2014-296-01"); script_name(english:"Slackware 14.1 / current : glibc (SSA:2014-296-01)"); script_summary(english:"Checks for updated packages in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New glibc packages are available for Slackware 14.1 and -current to fix security issues." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.647059 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5118ccd5" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc-i18n"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc-profile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc-solibs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc-zoneinfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/10/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"14.1", pkgname:"glibc", pkgver:"2.17", pkgarch:"i486", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", pkgname:"glibc-i18n", pkgver:"2.17", pkgarch:"i486", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", pkgname:"glibc-profile", pkgver:"2.17", pkgarch:"i486", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", pkgname:"glibc-solibs", pkgver:"2.17", pkgarch:"i486", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", pkgname:"glibc-zoneinfo", pkgver:"2014i", pkgarch:"noarch", pkgnum:"1_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"glibc", pkgver:"2.17", pkgarch:"x86_64", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"glibc-i18n", pkgver:"2.17", pkgarch:"x86_64", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"glibc-profile", pkgver:"2.17", pkgarch:"x86_64", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"glibc-solibs", pkgver:"2.17", pkgarch:"x86_64", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"glibc-zoneinfo", pkgver:"2014i", pkgarch:"noarch", pkgnum:"1_slack14.1")) flag++; if (slackware_check(osver:"current", pkgname:"glibc", pkgver:"2.20", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"glibc-i18n", pkgver:"2.20", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"glibc-profile", pkgver:"2.20", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"glibc-solibs", pkgver:"2.20", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"glibc-zoneinfo", pkgver:"2014i", pkgarch:"noarch", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"glibc", pkgver:"2.20", pkgarch:"x86_64", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"glibc-i18n", pkgver:"2.20", pkgarch:"x86_64", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"glibc-profile", pkgver:"2.20", pkgarch:"x86_64", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"glibc-solibs", pkgver:"2.20", pkgarch:"x86_64", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"glibc-zoneinfo", pkgver:"2014i", pkgarch:"noarch", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-1119-1.NASL description This glibc update fixes a critical privilege escalation problem and the following security and non security issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#772242: Replace scope handing with master state - bnc#779320: Fix buffer overflow in strcoll (CVE-2012-4412) - bnc#818630: Fall back to localhost if no nameserver defined - bnc#828235: Fix missing character in IBM-943 charset - bnc#828637: Fix use of alloca in gaih_inet - bnc#834594: Fix readdir_r with long file names (CVE-2013-4237) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-20 plugin id 83634 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83634 title SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1119-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2014:1119-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(83634); script_version("2.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-4412", "CVE-2013-4237", "CVE-2014-5119"); script_bugtraq_id(55462, 61729, 68983, 69738); script_name(english:"SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1119-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This glibc update fixes a critical privilege escalation problem and the following security and non security issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#772242: Replace scope handing with master state - bnc#779320: Fix buffer overflow in strcoll (CVE-2012-4412) - bnc#818630: Fall back to localhost if no nameserver defined - bnc#828235: Fix missing character in IBM-943 charset - bnc#828637: Fix use of alloca in gaih_inet - bnc#834594: Fix readdir_r with long file names (CVE-2013-4237) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=772242" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=779320" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=818630" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=828235" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=828637" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=834594" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=892073" ); # https://download.suse.com/patch/finder/?keywords=767429925ce018c15cbe14c33d6a0f11 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2e4ddbfb" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2012-4412/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2013-4237/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-5119/" ); # https://www.suse.com/support/update/announcement/2014/suse-su-20141119-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9acd37d5" ); script_set_attribute(attribute:"solution", value:"Update the affected glibc packages"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-i18ndata"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-info"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-profile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/09"); script_set_attribute(attribute:"patch_publication_date", value:"2014/09/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES10)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES10", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES10" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES10 SP4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"glibc-32bit-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"glibc-devel-32bit-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"glibc-locale-32bit-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"glibc-profile-32bit-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"glibc-32bit-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"glibc-devel-32bit-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"glibc-locale-32bit-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"glibc-profile-32bit-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-devel-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-html-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-i18ndata-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-info-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-locale-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-profile-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", reference:"nscd-2.4-31.111.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc"); }NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-283.NASL description Updated glibc packages fixes the following security issues : Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow (CVE-2012-4412). Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function (CVE-2012-4424). pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system (CVE-2013-2207). NOTE! This is fixed by removing pt_chown wich may break chroots if their devpts was not mounted correctly (make sure to mount the devpts correctly with gid=5). sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image (CVE-2013-4237). Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions (CVE-2013-4332). A stack (frame) overflow flaw, which led to a denial of service (application crash), was found in the way glibc last seen 2020-06-01 modified 2020-06-02 plugin id 71092 published 2013-11-26 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71092 title Mandriva Linux Security Advisory : glibc (MDVSA-2013:283) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-1391.NASL description Updated glibc packages that fix two security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds write flaw was found in the way the glibc last seen 2020-06-01 modified 2020-06-02 plugin id 78408 published 2014-10-14 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78408 title RHEL 6 : glibc (RHSA-2014:1391) NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-1128-1.NASL description This glibc update fixes a critical privilege escalation problem and the following security and non-security issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#882600: Copy filename argument in posix_spawn_file_actions_addopen. (CVE-2014-4043) - bnc#860501: Use O_LARGEFILE for utmp file. - bnc#842291: Fix typo in glibc-2.5-dlopen-lookup-race.diff. - bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332) - bnc#834594: Fix readdir_r with long file names. (CVE-2013-4237) - bnc#824639: Drop lock before calling malloc_printerr. - bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242) - bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412) - bnc#894556 / bnc#894553: Fix crashes on invalid input in IBM gconv modules. (CVE-2014-6040, CVE-2012-6656, bnc#894553, bnc#894556, BZ#17325, BZ#14134) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-20 plugin id 83638 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83638 title SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1128-1) NASL family SuSE Local Security Checks NASL id SUSE_11_GLIBC-130917.NASL description This update for glibc contains the following fixes : - Fix integer overflows in malloc. (CVE-2013-4332, bnc#839870) - Fix buffer overflow in glob. (bnc#691365) - Fix buffer overflow in strcoll. (CVE-2012-4412, bnc#779320) - Update mount flags in <sys/mount.h>. (bnc#791928) - Fix buffer overrun in regexp matcher. (CVE-2013-0242, bnc#801246) - Fix memory leaks in dlopen. (bnc#811979) - Fix stack overflow in getaddrinfo with many results. (CVE-2013-1914, bnc#813121) - Don last seen 2020-06-05 modified 2013-12-10 plugin id 71308 published 2013-12-10 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71308 title SuSE 11.3 Security Update : glibc (SAT Patch Number 8337) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1552.NASL description According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents). A local attacker could potentially use this flaw to execute arbitrary code on the system.(CVE-2015-5277) - A directory traveral flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application.(CVE-2014-0475) - It was found that out-of-range time values passed to the strftime() function could result in an out-of-bounds memory access. This could lead to application crash or, potentially, information disclosure.(CVE-2015-8776) - The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.(CVE-2017-15670) - The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.(CVE-2013-4788) - An out-of-bounds read flaw was found in the way glibc last seen 2020-06-01 modified 2020-06-02 plugin id 125005 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125005 title EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1552) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-723.NASL description This update fixes the following issues in glibc : - CVE-2012-4412: glibc: buffer overflow in strcoll - CVE-2013-0242: glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters - CVE-2013-1914: glibc: stack overflow in getaddrinfo() sorting - CVE-2013-2207: glibc: pt_chown tricked into granting access to another users pseudo-terminal - CVE-2013-4237: glibc: Buffer overwrite - NAME_MAX not enforced by readdir_r() - bnc#805054: man 1 locale mentions non-existent file - bnc#813306: glibc 2.17 fprintf(stderr, ...) triggers write of undefined values if stderr is closed - bnc#819383: pldd a process multiple times can freeze the process - bnc#819524: nscd segfault - bnc#824046: glibc: blacklist code in bindresvport doesn last seen 2020-06-05 modified 2014-06-13 plugin id 75154 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75154 title openSUSE Security Update : glibc (openSUSE-SU-2013:1510-1) NASL family Scientific Linux Local Security Checks NASL id SL_20141014_GLIBC_ON_SL6_X.NASL description An out-of-bounds write flaw was found in the way the glibc last seen 2020-03-18 modified 2014-11-04 plugin id 78844 published 2014-11-04 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78844 title Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20141014) NASL family Fedora Local Security Checks NASL id FEDORA_2013-15053.NASL description glibc security update : CVE-2012-4412 glibc: strcoll() integer overflow leading to buffer overflow CVE-2012-4424 glibc: alloca() stack overflow in the strcoll() interface CVE-2013-1914 glibc: Stack (frame) overflow in getaddrinfo() when processing entry mapping to long list of address structures CVE-2013-2207 glibc (pt_chown): Improper pseudotty ownership and permissions changes when granting access to the slave pseudoterminal CVE-2013-4237 glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters Fix for CVE-2013-2207 may break chroots if their devpts was not mounted correctly. Fix is to mount the devpts correctly with gid=5. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-08-22 plugin id 69436 published 2013-08-22 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69436 title Fedora 19 : glibc-2.17-13.fc19 (2013-15053) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-165.NASL description Several vulnerabilities have been fixed in eglibc, Debian last seen 2020-03-17 modified 2015-03-26 plugin id 82149 published 2015-03-26 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82149 title Debian DLA-165-1 : eglibc security update NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1991-1.NASL description It was discovered that the GNU C Library incorrectly handled the strcoll() function. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2012-4412, CVE-2012-4424) It was discovered that the GNU C Library incorrectly handled multibyte characters in the regular expression matcher. An attacker could use this issue to cause a denial of service. (CVE-2013-0242) It was discovered that the GNU C Library incorrectly handled large numbers of domain conversion results in the getaddrinfo() function. An attacker could use this issue to cause a denial of service. (CVE-2013-1914) It was discovered that the GNU C Library readdir_r() function incorrectly handled crafted NTFS or CIFS images. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2013-4237) It was discovered that the GNU C Library incorrectly handled memory allocation. An attacker could use this issue to cause a denial of service. (CVE-2013-4332). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 70538 published 2013-10-22 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/70538 title Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : eglibc vulnerabilities (USN-1991-1) NASL family SuSE Local Security Checks NASL id SUSE_11_GLIBC-130913.NASL description This update for glibc contains the following fixes : - Fix integer overflows in malloc. (CVE-2013-4332, bnc#839870) - Fix buffer overflow in glob. (bnc#691365) - Fix buffer overflow in strcoll. (CVE-2012-4412, bnc#779320) - Update mount flags in <sys/mount.h>. (bnc#791928) - Fix buffer overrun in regexp matcher. (CVE-2013-0242, bnc#801246) - Fix memory leaks in dlopen. (bnc#811979) - Fix stack overflow in getaddrinfo with many results. (CVE-2013-1914, bnc#813121) - Fix check for XEN build in glibc_post_upgrade that causes missing init re-exec. (bnc#818628) - Don last seen 2020-06-05 modified 2013-12-10 plugin id 71307 published 2013-12-10 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71307 title SuSE 11.2 Security Update : glibc (SAT Patch Number 8335) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0012_GLIBC.NASL description The remote NewStart CGSL host, running version MAIN 5.04, has glibc packages installed that are affected by multiple vulnerabilities: - elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. (CVE-2010-3847) - ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. (CVE-2010-3856) - Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. (CVE-2012-4412) - Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. (CVE-2012-4424) - A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially- crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) - It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker- controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914, CVE-2013-4458) - pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. (CVE-2013-2207) - An out-of-bounds write flaw was found in the way the glibc last seen 2020-06-01 modified 2020-06-02 plugin id 127161 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127161 title NewStart CGSL MAIN 5.04 : glibc Multiple Vulnerabilities (NS-SA-2019-0012) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-1391.NASL description Updated glibc packages that fix two security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds write flaw was found in the way the glibc last seen 2020-06-01 modified 2020-06-02 plugin id 79180 published 2014-11-12 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79180 title CentOS 6 : glibc (CESA-2014:1391) NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-1122-1.NASL description This glibc update fixes a critical privilege escalation vulnerability and the following security and non-security issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#886416: Avoid redundant shift character in iconv output at block boundary. - bnc#883022: Initialize errcode in sysdeps/unix/opendir.c. - bnc#882600: Copy filename argument in posix_spawn_file_actions_addopen. (CVE-2014-4043) - bnc#864081: Take lock in pthread_cond_wait cleanup handler only when needed. - bnc#843735: Don last seen 2020-06-05 modified 2015-05-20 plugin id 83637 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83637 title SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1122-1)
Redhat
| rpms |
|
References
- https://bugzilla.redhat.com/show_bug.cgi?id=995839
- http://www.openwall.com/lists/oss-security/2013/08/12/8
- https://sourceware.org/bugzilla/show_bug.cgi?id=14699
- http://secunia.com/advisories/55113
- http://www.ubuntu.com/usn/USN-1991-1
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:283
- http://www.securityfocus.com/bid/61729
- https://security.gentoo.org/glsa/201503-04
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=91ce40854d0b7f865cf5024ef95a8026b76096f3