CVE-2013-4357 - Classic Buffer Overflow vulnerability in multiple products

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH

Summary

The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2015-0170-1.NASL
    description: glibc has been updated to fix security issues : - Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, CVE-2012-6656, bsc#894553, bsc#894556, GLIBC BZ #17325, GLIBC BZ #14134) - Fixed a stack overflow during hosts parsing (CVE-2013-4357) - Copy filename argument in posix_spawn_file_actions_addopen (CVE-2014-4043, bsc#882600, BZ #17048) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 83675
    published: 2015-05-20
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83675
    title: SUSE SLES10 Security Update : glibc (SUSE-SU-2015:0170-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2015:0170-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83675);
      script_version("2.9");
      script_cvs_date("Date: 2020/01/15");
    
      script_cve_id("CVE-2012-6656", "CVE-2013-4357", "CVE-2014-4043", "CVE-2014-6040");
      script_bugtraq_id(67992, 68006, 69470, 69472);
    
      script_name(english:"SUSE SLES10 Security Update : glibc (SUSE-SU-2015:0170-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "glibc has been updated to fix security issues :
    
      - Fix crashes on invalid input in IBM gconv modules
        (CVE-2014-6040, CVE-2012-6656, bsc#894553, bsc#894556,
        GLIBC BZ #17325, GLIBC BZ #14134)
    
      - Fixed a stack overflow during hosts parsing
        (CVE-2013-4357)
    
      - Copy filename argument in
        posix_spawn_file_actions_addopen (CVE-2014-4043,
        bsc#882600, BZ #17048)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=844309"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=882600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=894553"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=894556"
      );
      # https://download.suse.com/patch/finder/?keywords=1ccbe69cba5cc8835258525263c85657
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?18c9278a"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2012-6656/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2013-4357/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-6040/"
      );
      # https://www.suse.com/support/update/announcement/2015/suse-su-20150170-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?dcd4c243"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected glibc packages");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-i18ndata");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-info");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-profile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/01/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES10)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES10", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES10" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES10 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"glibc-32bit-2.4-31.115.2")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"glibc-devel-32bit-2.4-31.115.2")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"glibc-locale-32bit-2.4-31.115.2")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"glibc-profile-32bit-2.4-31.115.2")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"glibc-32bit-2.4-31.115.2")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"glibc-devel-32bit-2.4-31.115.2")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"glibc-locale-32bit-2.4-31.115.2")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"glibc-profile-32bit-2.4-31.115.2")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-2.4-31.115.2")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-devel-2.4-31.115.2")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-html-2.4-31.115.2")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-i18ndata-2.4-31.115.2")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-info-2.4-31.115.2")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-locale-2.4-31.115.2")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-profile-2.4-31.115.2")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"nscd-2.4-31.115.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2015-0164-1.NASL
    description: glibc has been updated to fix one security issue and several bugs : Security issue fixed : - Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, CVE-2012-6656) - Fixed a stack overflow during hosts parsing (CVE-2013-4357) Bugs fixed : - don
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 83673
    published: 2015-05-20
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83673
    title: SUSE SLES11 Security Update : glibc (SUSE-SU-2015:0164-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2015:0164-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83673);
      script_version("2.7");
      script_cvs_date("Date: 2020/01/15");
    
      script_cve_id("CVE-2012-6656", "CVE-2013-4357", "CVE-2014-6040");
      script_bugtraq_id(67992, 69470, 69472);
    
      script_name(english:"SUSE SLES11 Security Update : glibc (SUSE-SU-2015:0164-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "glibc has been updated to fix one security issue and several bugs :
    
    Security issue fixed :
    
      - Fix crashes on invalid input in IBM gconv modules
        (CVE-2014-6040, CVE-2012-6656)
    
      - Fixed a stack overflow during hosts parsing
        (CVE-2013-4357)
    
    Bugs fixed :
    
      - don't touch user-controlled stdio locks in forked child
        (bsc#864081, GLIBC BZ #12847)
    
      - Fix infinite loop in check_pf (bsc#909053, GLIBC BZ
        #12926)
    
      - Add check for RTLD_DEEPBIND environment variable to
        disable deepbinding of NSS modules (bsc#888860)
    
      - Fix infinite loop in check_pf (bsc#909053, GLIBC BZ
        #12926)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=844309"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=888860"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=894553"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=894556"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=909053"
      );
      # https://download.suse.com/patch/finder/?keywords=0d01346ebb9d9e39d1c632f49a85a7ee
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2d6d44bc"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2012-6656/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2013-4357/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-6040/"
      );
      # https://www.suse.com/support/update/announcement/2015/suse-su-20150164-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f66ba9d9"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11 SP1 LTSS :
    
    zypper in -t patch slessp1-glibc-10217
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-i18ndata");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-info");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-profile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/01/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"glibc-32bit-2.11.1-0.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"glibc-devel-32bit-2.11.1-0.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"glibc-locale-32bit-2.11.1-0.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"glibc-profile-32bit-2.11.1-0.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"s390x", reference:"glibc-32bit-2.11.1-0.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"s390x", reference:"glibc-devel-32bit-2.11.1-0.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"s390x", reference:"glibc-locale-32bit-2.11.1-0.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", cpu:"s390x", reference:"glibc-profile-32bit-2.11.1-0.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"glibc-2.11.1-0.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"glibc-devel-2.11.1-0.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"glibc-html-2.11.1-0.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"glibc-i18ndata-2.11.1-0.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"glibc-info-2.11.1-0.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"glibc-locale-2.11.1-0.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"glibc-profile-2.11.1-0.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"1", reference:"nscd-2.11.1-0.62.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2306-1.NASL
    description: Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS. (CVE-2013-4357) It was discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-4458) Stephane Chazelas discovered that the GNU C Library incorrectly handled locale environment variables. An attacker could use this issue to possibly bypass certain restrictions such as the ForceCommand restrictions in OpenSSH. (CVE-2014-0475) David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that the GNU C Library incorrectly handled posix_spawn_file_actions_addopen() path arguments. An attacker could use this issue to cause a denial of service. (CVE-2014-4043). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 76999
    published: 2014-08-05
    reporter: Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/76999
    title: Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : eglibc vulnerabilities (USN-2306-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2306-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76999);
      script_version("1.10");
      script_cvs_date("Date: 2020/01/15");
    
      script_cve_id("CVE-2013-4357", "CVE-2013-4458", "CVE-2014-0475", "CVE-2014-4043");
      script_bugtraq_id(63299, 67992, 68505);
      script_xref(name:"USN", value:"2306-1");
    
      script_name(english:"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : eglibc vulnerabilities (USN-2306-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Maksymilian Arciemowicz discovered that the GNU C Library incorrectly
    handled the getaddrinfo() function. An attacker could use this issue
    to cause a denial of service. This issue only affected Ubuntu 10.04
    LTS. (CVE-2013-4357)
    
    It was discovered that the GNU C Library incorrectly handled the
    getaddrinfo() function. An attacker could use this issue to cause a
    denial of service. This issue only affected Ubuntu 10.04 LTS and
    Ubuntu 12.04 LTS. (CVE-2013-4458)
    
    Stephane Chazelas discovered that the GNU C Library incorrectly
    handled locale environment variables. An attacker could use this issue
    to possibly bypass certain restrictions such as the ForceCommand
    restrictions in OpenSSH. (CVE-2014-0475)
    
    David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that the GNU C
    Library incorrectly handled posix_spawn_file_actions_addopen() path
    arguments. An attacker could use this issue to cause a denial of
    service. (CVE-2014-4043).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2306-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected libc6 package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/08/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04|12\.04|14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 12.04 / 14.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"libc6", pkgver:"2.11.1-0ubuntu7.14")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"libc6", pkgver:"2.15-0ubuntu10.6")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libc6", pkgver:"2.19-0ubuntu6.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libc6");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2014-1129-1.NASL
    description: This glibc update fixes a critical privilege escalation problem and two additional issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#836746: Avoid race between {, __de}allocate_stack and __reclaim_stacks during fork. - bnc#844309: Fixed various overflows, reading large /etc/hosts or long names. (CVE-2013-4357) - bnc#894553, bnc#894556: Fixed various crashes on invalid input in IBM gconv modules. (CVE-2014-6040, CVE-2012-6656) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2015-05-20
    plugin id: 83639
    published: 2015-05-20
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83639
    title: SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1129-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2014:1129-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83639);
      script_version("2.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2012-6656", "CVE-2013-4357", "CVE-2014-5119", "CVE-2014-6040");
      script_bugtraq_id(67992, 68983, 69470, 69472, 69738);
    
      script_name(english:"SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1129-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This glibc update fixes a critical privilege escalation problem and
    two additional issues :
    
      - bnc#892073: An off-by-one error leading to a heap-based
        buffer overflow was found in __gconv_translit_find(). An
        exploit that targets the problem is publicly available.
        (CVE-2014-5119)
    
      - bnc#836746: Avoid race between {, __de}allocate_stack
        and __reclaim_stacks during fork.
    
      - bnc#844309: Fixed various overflows, reading large
        /etc/hosts or long names. (CVE-2013-4357)
    
      - bnc#894553, bnc#894556: Fixed various crashes on invalid
        input in IBM gconv modules. (CVE-2014-6040,
        CVE-2012-6656)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=836746"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=844309"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=892073"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=894553"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=894556"
      );
      # https://download.suse.com/patch/finder/?keywords=cd8403453563e9d5a949d2219d62a993
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?12c9123b"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2012-6656/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2013-4357/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-5119/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-6040/"
      );
      # https://www.suse.com/support/update/announcement/2014/suse-su-20141129-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ab20b15d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11 SP2 LTSS :
    
    zypper in -t patch slessp2-glibc-9721
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-i18ndata");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-info");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-profile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/09/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP2", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"glibc-32bit-2.11.3-17.45.53.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"glibc-devel-32bit-2.11.3-17.45.53.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"glibc-locale-32bit-2.11.3-17.45.53.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"glibc-profile-32bit-2.11.3-17.45.53.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"glibc-32bit-2.11.3-17.45.53.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"glibc-devel-32bit-2.11.3-17.45.53.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"glibc-locale-32bit-2.11.3-17.45.53.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"glibc-profile-32bit-2.11.3-17.45.53.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"glibc-2.11.3-17.45.53.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"glibc-devel-2.11.3-17.45.53.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"glibc-html-2.11.3-17.45.53.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"glibc-i18ndata-2.11.3-17.45.53.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"glibc-info-2.11.3-17.45.53.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"glibc-locale-2.11.3-17.45.53.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"glibc-profile-2.11.3-17.45.53.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"2", reference:"nscd-2.11.3-17.45.53.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_GLIBC-140515.NASL
    description: This update for the GNU Lib C fixes security issues, some bugs and introduces one new feature. The following security issues have been fixed : - Various potential stack overflows in getaddrinfo() and others were fixed. (bnc#844309). (CVE-2013-4357) - A stack (frame) overflow in getaddrinfo() when called with AF_INET6. The following new feature has been implemented:. (CVE-2013-4458) - On PowerLinux, a vDSO entry for getcpu() was added for possible performance enhancements. (FATE#316816, bnc#854445) The following issues have been fixed : - Performance problems with threads in __lll_lock_wait_private and __lll_unlock_wake_private. (bnc#836746) - IPv6: Memory leak in getaddrinfo() when many RRs are returned. (bnc#863499) - Using profiling C library (-lc_p) can trigger a segmentation fault. (bnc#872832)
    last seen: 2020-06-05
    modified: 2014-06-06
    plugin id: 74351
    published: 2014-06-06
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/74351
    title: SuSE 11.3 Security Update : glibc (SAT Patch Number 9262)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74351);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-4357", "CVE-2013-4458");
    
      script_name(english:"SuSE 11.3 Security Update : glibc (SAT Patch Number 9262)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for the GNU Lib C fixes security issues, some bugs and
    introduces one new feature.
    
    The following security issues have been fixed :
    
      - Various potential stack overflows in getaddrinfo() and
        others were fixed. (bnc#844309). (CVE-2013-4357)
    
      - A stack (frame) overflow in getaddrinfo() when called
        with AF_INET6. The following new feature has been
        implemented:. (CVE-2013-4458)
    
      - On PowerLinux, a vDSO entry for getcpu() was added for
        possible performance enhancements. (FATE#316816,
        bnc#854445) The following issues have been fixed :
    
      - Performance problems with threads in
        __lll_lock_wait_private and __lll_unlock_wake_private.
        (bnc#836746)
    
      - IPv6: Memory leak in getaddrinfo() when many RRs are
        returned. (bnc#863499)
    
      - Using profiling C library (-lc_p) can trigger a
        segmentation fault. (bnc#872832)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=836746"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=844309"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=847227"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=863499"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=872832"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4357.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4458.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9262.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-i18ndata");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-info");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-locale");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-locale-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-profile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:glibc-profile-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"glibc-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"glibc-devel-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"glibc-i18ndata-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"glibc-locale-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"nscd-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i686", reference:"glibc-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i686", reference:"glibc-devel-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"glibc-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"glibc-32bit-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"glibc-devel-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"glibc-devel-32bit-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"glibc-i18ndata-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"glibc-locale-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"glibc-locale-32bit-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"nscd-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"glibc-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"glibc-devel-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"glibc-html-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"glibc-i18ndata-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"glibc-info-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"glibc-locale-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"glibc-profile-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"nscd-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"glibc-32bit-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"glibc-devel-32bit-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"glibc-locale-32bit-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"glibc-profile-32bit-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"glibc-32bit-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"glibc-devel-32bit-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"glibc-locale-32bit-2.11.3-17.62.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"glibc-profile-32bit-2.11.3-17.62.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2306-2.NASL
    description: USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the security update caused a regression in certain environments that use the Name Service Caching Daemon (nscd), such as those configured for LDAP or MySQL authentication. In these environments, the nscd daemon may need to be stopped manually for name resolution to resume working so that updates can be downloaded, including environments configured for unattended updates. We apologize for the inconvenience. Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS. (CVE-2013-4357) It was discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-4458) Stephane Chazelas discovered that the GNU C Library incorrectly handled locale environment variables. An attacker could use this issue to possibly bypass certain restrictions such as the ForceCommand restrictions in OpenSSH. (CVE-2014-0475) David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that the GNU C Library incorrectly handled posix_spawn_file_actions_addopen() path arguments. An attacker could use this issue to cause a denial of service. (CVE-2014-4043). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77019
    published: 2014-08-06
    reporter: Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77019
    title: Ubuntu 10.04 LTS : eglibc regression (USN-2306-2)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2306-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77019);
      script_version("1.9");
      script_cvs_date("Date: 2020/01/15");
    
      script_cve_id("CVE-2013-4357", "CVE-2013-4458", "CVE-2014-0475", "CVE-2014-4043");
      script_bugtraq_id(63299, 67992, 68006, 68505);
      script_xref(name:"USN", value:"2306-2");
    
      script_name(english:"Ubuntu 10.04 LTS : eglibc regression (USN-2306-2)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04
    LTS, the security update cause a regression in certain environments
    that use the Name Service Caching Daemon (nscd), such as those
    configured for LDAP or MySQL authentication. In these environments,
    the nscd daemon may need to be stopped manually for name resolution to
    resume working so that updates can be downloaded, including
    environments configured for unattended updates.
    
    We apologize for the inconvenience.
    
    Maksymilian Arciemowicz discovered that the GNU C Library incorrectly
    handled the getaddrinfo() function. An attacker could use this issue
    to cause a denial of service. This issue only affected Ubuntu 10.04
    LTS. (CVE-2013-4357)
    
    It was discovered that the GNU C Library incorrectly handled
    the getaddrinfo() function. An attacker could use this issue
    to cause a denial of service. This issue only affected
    Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-4458)
    
    Stephane Chazelas discovered that the GNU C Library
    incorrectly handled locale environment variables. An
    attacker could use this issue to possibly bypass certain
    restrictions such as the ForceCommand restrictions in
    OpenSSH. (CVE-2014-0475)
    
    David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that
    the GNU C Library incorrectly handled
    posix_spawn_file_actions_addopen() path arguments. An
    attacker could use this issue to cause a denial of service.
    (CVE-2014-4043).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2306-2/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected libc6 package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/08/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"libc6", pkgver:"2.11.1-0ubuntu7.15")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libc6");
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-165.NASL
    description: Several vulnerabilities have been fixed in eglibc, Debian
    last seen: 2020-03-17
    modified: 2015-03-26
    plugin id: 82149
    published: 2015-03-26
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/82149
    title: Debian DLA-165-1 : eglibc security update
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-165-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82149);
      script_version("1.15");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2012-3405", "CVE-2012-3406", "CVE-2012-3480", "CVE-2012-4412", "CVE-2012-4424", "CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4237", "CVE-2013-4332", "CVE-2013-4357", "CVE-2013-4458", "CVE-2013-4788", "CVE-2013-7423", "CVE-2013-7424", "CVE-2014-4043", "CVE-2015-1472", "CVE-2015-1473");
      script_bugtraq_id(54374, 54982, 55462, 55543, 57638, 58839, 61183, 61729, 62324, 63299, 67992, 68006, 72428, 72498, 72499, 72710, 72844);
    
      script_name(english:"Debian DLA-165-1 : eglibc security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been fixed in eglibc, Debian's version of
    the GNU C library.
    
    #553206 CVE-2015-1472 CVE-2015-1473
    
    The scanf family of functions do not properly limit stack allocation,
    which allows context-dependent attackers to cause a denial of service
    (crash) or possibly execute arbitrary code.
    
    CVE-2012-3405
    
    The printf family of functions do not properly calculate a buffer
    length, which allows context-dependent attackers to bypass the
    FORTIFY_SOURCE format-string protection mechanism and cause a denial
    of service.
    
    CVE-2012-3406
    
    The printf family of functions do not properly limit stack allocation,
    which allows context-dependent attackers to bypass the FORTIFY_SOURCE
    format-string protection mechanism and cause a denial of service
    (crash) or possibly execute arbitrary code via a crafted format
    string.
    
    CVE-2012-3480
    
    Multiple integer overflows in the strtod, strtof, strtold, strtod_l,
    and other related functions allow local users to cause a denial of
    service (application crash) and possibly execute arbitrary code via a
    long string, which triggers a stack-based buffer overflow.
    
    CVE-2012-4412
    
    Integer overflow in the strcoll and wcscoll functions allows
    context-dependent attackers to cause a denial of service (crash) or
    possibly execute arbitrary code via a long string, which triggers a
    heap-based buffer overflow.
    
    CVE-2012-4424
    
    Stack-based buffer overflow in the strcoll and wcscoll functions
    allows context-dependent attackers to cause a denial of service
    (crash) or possibly execute arbitrary code via a long string that
    triggers a malloc failure and use of the alloca function.
    
    CVE-2013-0242
    
    Buffer overflow in the extend_buffers function in the regular
    expression matcher allows context-dependent attackers to cause a
    denial of service (memory corruption and crash) via crafted multibyte
    characters.
    
    CVE-2013-1914 CVE-2013-4458
    
    Stack-based buffer overflow in the getaddrinfo function allows remote
    attackers to cause a denial of service (crash) via a hostname or IP
    address that triggers a large number of domain conversion results.
    
    CVE-2013-4237
    
    readdir_r allows context-dependent attackers to cause a denial of
    service (out-of-bounds write and crash) or possibly execute arbitrary
    code via a malicious NTFS image or CIFS service.
    
    CVE-2013-4332
    
    Multiple integer overflows in malloc/malloc.c allow context-dependent
    attackers to cause a denial of service (heap corruption) via a large
    value to the pvalloc, valloc, posix_memalign, memalign, or
    aligned_alloc functions.
    
    CVE-2013-4357
    
    The getaliasbyname, getaliasbyname_r, getaddrinfo, getservbyname,
    getservbyname_r, getservbyport, getservbyport_r, and glob functions do
    not properly limit stack allocation, which allows context-dependent
    attackers to cause a denial of service (crash) or possibly execute
    arbitrary code.
    
    CVE-2013-4788
    
    When the GNU C library is statically linked into an executable, the
    PTR_MANGLE implementation does not initialize the random value for the
    pointer guard, so that various hardening mechanisms are not effective.
    
    CVE-2013-7423
    
    The send_dg function in resolv/res_send.c does not properly reuse file
    descriptors, which allows remote attackers to send DNS queries to
    unintended locations via a large number of requests that trigger a
    call to the getaddrinfo function.
    
    CVE-2013-7424
    
    The getaddrinfo function may attempt to free an invalid pointer when
    handling IDNs (Internationalised Domain Names), which allows remote
    attackers to cause a denial of service (crash) or possibly execute
    arbitrary code.
    
    CVE-2014-4043
    
    The posix_spawn_file_actions_addopen function does not copy its path
    argument in accordance with the POSIX specification, which allows
    context-dependent attackers to trigger use-after-free vulnerabilities.
    
    For the oldstable distribution (squeeze), these problems have been
    fixed in version 2.11.3-4+deb6u5.
    
    For the stable distribution (wheezy), these problems were fixed in
    version 2.13-38+deb7u8 or earlier.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2015/03/msg00002.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze-lts/eglibc"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:eglibc-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:glibc-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc-dev-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-i386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-i386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-pic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-prof");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-udeb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libnss-dns-udeb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libnss-files-udeb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:locales");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:locales-all");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"eglibc-source", reference:"2.11.3-4+deb6u5")) flag++;
    if (deb_check(release:"6.0", prefix:"glibc-doc", reference:"2.11.3-4+deb6u5")) flag++;
    if (deb_check(release:"6.0", prefix:"libc-bin", reference:"2.11.3-4+deb6u5")) flag++;
    if (deb_check(release:"6.0", prefix:"libc-dev-bin", reference:"2.11.3-4+deb6u5")) flag++;
    if (deb_check(release:"6.0", prefix:"libc6", reference:"2.11.3-4+deb6u5")) flag++;
    if (deb_check(release:"6.0", prefix:"libc6-amd64", reference:"2.11.3-4+deb6u5")) flag++;
    if (deb_check(release:"6.0", prefix:"libc6-dbg", reference:"2.11.3-4+deb6u5")) flag++;
    if (deb_check(release:"6.0", prefix:"libc6-dev", reference:"2.11.3-4+deb6u5")) flag++;
    if (deb_check(release:"6.0", prefix:"libc6-dev-amd64", reference:"2.11.3-4+deb6u5")) flag++;
    if (deb_check(release:"6.0", prefix:"libc6-dev-i386", reference:"2.11.3-4+deb6u5")) flag++;
    if (deb_check(release:"6.0", prefix:"libc6-i386", reference:"2.11.3-4+deb6u5")) flag++;
    if (deb_check(release:"6.0", prefix:"libc6-i686", reference:"2.11.3-4+deb6u5")) flag++;
    if (deb_check(release:"6.0", prefix:"libc6-pic", reference:"2.11.3-4+deb6u5")) flag++;
    if (deb_check(release:"6.0", prefix:"libc6-prof", reference:"2.11.3-4+deb6u5")) flag++;
    if (deb_check(release:"6.0", prefix:"libc6-udeb", reference:"2.11.3-4+deb6u5")) flag++;
    if (deb_check(release:"6.0", prefix:"libc6-xen", reference:"2.11.3-4+deb6u5")) flag++;
    if (deb_check(release:"6.0", prefix:"libnss-dns-udeb", reference:"2.11.3-4+deb6u5")) flag++;
    if (deb_check(release:"6.0", prefix:"libnss-files-udeb", reference:"2.11.3-4+deb6u5")) flag++;
    if (deb_check(release:"6.0", prefix:"locales", reference:"2.11.3-4+deb6u5")) flag++;
    if (deb_check(release:"6.0", prefix:"locales-all", reference:"2.11.3-4+deb6u5")) flag++;
    if (deb_check(release:"6.0", prefix:"nscd", reference:"2.11.3-4+deb6u5")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2306-3.NASL
    description: USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the fix for CVE-2013-4357 introduced a memory leak in getaddrinfo. This update fixes the problem. We apologize for the inconvenience. Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS. (CVE-2013-4357) It was discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-4458) Stephane Chazelas discovered that the GNU C Library incorrectly handled locale environment variables. An attacker could use this issue to possibly bypass certain restrictions such as the ForceCommand restrictions in OpenSSH. (CVE-2014-0475) David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that the GNU C Library incorrectly handled posix_spawn_file_actions_addopen() path arguments. An attacker could use this issue to cause a denial of service. (CVE-2014-4043). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77568
    published: 2014-09-09
    reporter: Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77568
    title: Ubuntu 10.04 LTS : eglibc regression (USN-2306-3)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2306-3. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77568);
      script_version("1.7");
      script_cvs_date("Date: 2020/01/15");
    
      script_cve_id("CVE-2013-4357", "CVE-2013-4458", "CVE-2014-0475", "CVE-2014-4043");
      script_bugtraq_id(63299, 67992, 68006, 68505);
      script_xref(name:"USN", value:"2306-3");
    
      script_name(english:"Ubuntu 10.04 LTS : eglibc regression (USN-2306-3)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04
    LTS, the fix for CVE-2013-4357 introduced a memory leak in
    getaddrinfo. This update fixes the problem.
    
    We apologize for the inconvenience.
    
    Maksymilian Arciemowicz discovered that the GNU C Library incorrectly
    handled the getaddrinfo() function. An attacker could use this issue
    to cause a denial of service. This issue only affected Ubuntu 10.04
    LTS. (CVE-2013-4357)
    
    It was discovered that the GNU C Library incorrectly handled
    the getaddrinfo() function. An attacker could use this issue
    to cause a denial of service. This issue only affected
    Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2013-4458)
    
    Stephane Chazelas discovered that the GNU C Library
    incorrectly handled locale environment variables. An
    attacker could use this issue to possibly bypass certain
    restrictions such as the ForceCommand restrictions in
    OpenSSH. (CVE-2014-0475)
    
    David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that
    the GNU C Library incorrectly handled
    posix_spawn_file_actions_addopen() path arguments. An
    attacker could use this issue to cause a denial of service.
    (CVE-2014-4043).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2306-3/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected libc6 package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/09/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/09");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"libc6", pkgver:"2.11.1-0ubuntu7.17")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libc6");
    }
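The deb_check() calls in the Debian plugin above and the ubuntu_check() call in this one both reduce to a single question: does the installed package version sort below the fixed version (2.11.3-4+deb6u5 on squeeze, 2.11.1-0ubuntu7.17 on Ubuntu 10.04) under dpkg's ordering rules? The block below is an added example, not Tenable's, Debian's or Canonical's code: a Python port of the dpkg version-comparison algorithm (epoch, then upstream version, then Debian revision, with '~' sorting before everything and digit runs compared numerically), applied to a constructed `dpkg -l` excerpt the way the two plugins apply it to the Host/Debian/dpkg-l key. The sample output, the package table and the helper names (dpkg_compare, parse_dpkg_l, find_vulnerable, SQUEEZE_FIXED, LUCID_FIXED) are this example's own assumptions.

```python
"""Added example: dpkg-style version comparison and an installed-version check
modelled on deb_check()/ubuntu_check(). Not Tenable, Debian or Canonical code;
the dpkg -l sample below is constructed, not captured from a real host."""

from typing import Dict, List, Tuple

_DIGITS = "0123456789"


def _order(c: str) -> int:
    """Weight dpkg assigns to one non-digit character: end-of-string and digits
    weigh 0, letters weigh their code point, '~' sorts before everything
    (so 2.0~rc1 < 2.0) and any other symbol sorts after all letters."""
    if c == "" or c in _DIGITS:
        return 0
    if "a" <= c <= "z" or "A" <= c <= "Z":
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a: str, b: str) -> int:
    """Compare one component (upstream or revision) like dpkg's verrevcmp():
    alternate non-digit runs (char by char via _order) and digit runs
    (numerically, leading zeros ignored). <0, 0, >0 like strcmp."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and a[i] not in _DIGITS) or (j < len(b) and b[j] not in _DIGITS):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i] in _DIGITS and j < len(b) and b[j] in _DIGITS:
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i] in _DIGITS:
            return 1            # a has more digits left, so it is the larger number
        if j < len(b) and b[j] in _DIGITS:
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version: str) -> Tuple[int, str, str]:
    """'epoch:upstream-revision' -> (epoch, upstream, revision). Epoch defaults
    to 0; the revision is what follows the LAST '-', so upstream may contain '-'."""
    epoch = 0
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = int(e)
    upstream, sep, revision = version.rpartition("-")
    if not sep:
        upstream, revision = version, ""
    return epoch, upstream, revision


def dpkg_compare(a: str, b: str) -> int:
    """Negative if a < b, 0 if equal, positive if a > b (dpkg --compare-versions)."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return ea - eb
    return _verrevcmp(ua, ub) or _verrevcmp(ra, rb)


def parse_dpkg_l(output: str) -> Dict[str, str]:
    """Installed package name -> version from `dpkg -l` text. The second letter
    of the status column is the package state; only 'i' (installed) counts.
    'rc' rows are removed packages with leftover config files and no code on disk."""
    installed: Dict[str, str] = {}
    for line in output.splitlines():
        parts = line.split()
        if len(parts) < 3 or len(parts[0]) < 2 or parts[0][1] != "i":
            continue
        name = parts[1].split(":", 1)[0]      # drop a multiarch qualifier such as libc6:amd64
        installed[name] = parts[2]
    return installed


def find_vulnerable(dpkg_l_output: str, fixed: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """deb_check() equivalent: (package, installed, fixed) for every installed
    package in `fixed` whose version sorts below the fixed version."""
    hits = []
    for name, have in parse_dpkg_l(dpkg_l_output).items():
        want = fixed.get(name)
        if want is not None and dpkg_compare(have, want) < 0:
            hits.append((name, have, want))
    return hits


# Constructed dpkg -l excerpt for a squeeze host (not captured from a real system).
SAMPLE_DPKG_L = """\
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version             Description
+++-==============-===================-==================================
ii  libc-bin       2.11.3-4+deb6u5     Embedded GNU C Library: Binaries
ii  libc6          2.11.3-4+deb6u4     Embedded GNU C Library: Shared libraries
ii  libc6-dev      2.11.3-4+deb6u5     Embedded GNU C Library: Development Libraries
ii  locales        2.11.3-4+deb6u4     Embedded GNU C Library: National Language (locale) data
rc  nscd           2.11.3-4+deb6u3     Embedded GNU C Library: Name Service Cache Daemon
"""

# Fixed versions as stated in the two advisories above.
SQUEEZE_FIXED = {p: "2.11.3-4+deb6u5" for p in (
    "eglibc-source", "glibc-doc", "libc-bin", "libc-dev-bin", "libc6", "libc6-amd64",
    "libc6-dbg", "libc6-dev", "libc6-dev-amd64", "libc6-dev-i386", "libc6-i386",
    "libc6-i686", "libc6-pic", "libc6-prof", "libc6-udeb", "libc6-xen",
    "libnss-dns-udeb", "libnss-files-udeb", "locales", "locales-all", "nscd")}
LUCID_FIXED = {"libc6": "2.11.1-0ubuntu7.17"}

if __name__ == "__main__":
    for hit in find_vulnerable(SAMPLE_DPKG_L, SQUEEZE_FIXED):
        print("VULNERABLE %s: installed %s, fixed in %s" % hit)
```

Two caveats the plugins themselves encode: a version string only means something against the fixed version of the host's own release, which is why the Ubuntu plugin rejects any release other than 10.04 before it looks at libc6 (the squeeze sample above compares as "not affected" against LUCID_FIXED purely because 2.11.3 > 2.11.1, not because it is patched); and an "rc" row is not an installed package, so neither this check nor deb_check() flags it. On a real Debian host, `dpkg --compare-versions A lt B` gives the reference answer for any pair the port is asked about.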
    

References