Vulnerabilities > CVE-2014-5119 - Numeric Errors vulnerability in multiple products

gnu
debian
CWE-189
nessus
exploit available

Summary

Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. In practice the trigger is a crafted charset name reaching iconv_open(): an attacker who can control the CHARSET environment (or the charset argument) seen by a target process can crash it or run code with that process's privileges. The only public exploit referenced on this page (EDB-ID 34421) is a local one; the CVSS2 vectors in the Nessus plugins below rate it as network-reachable (AV:N), which should be read as the vendor score rather than as evidence of a remote trigger.

Vulnerable Configurations

Part Description Count
Application
Gnu
112
OS
Debian
1

Common Weakness Enumeration (CWE)

Exploit-Db

description: glibc Off-by-One NUL Byte gconv_translit_find Exploit. CVE-2014-5119. Local exploit for linux platform
id: EDB-ID:34421
last seen: 2016-02-03
modified: 2014-08-27
published: 2014-08-27
reporter: taviso and scarybeasts
source: https://www.exploit-db.com/download/34421/
title: glibc - Off-by-One NUL Byte gconv_translit_find Exploit

Nessus

  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2014-399.NASL
    description: An off-by-one heap-based buffer overflow flaw was found in glibc (truncated on this page; the full advisory text is in the plugin code below)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78342
    published: 2014-10-12
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/78342
    title: Amazon Linux AMI : glibc (ALAS-2014-399)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2014-399.
    #
    
    include("compat.inc");
    
    # Registration branch: executed when Nessus loads the plugin to collect
    # metadata. Nothing in here touches the target; the check itself is the
    # code after the includes below. All text is taken from ALAS-2014-399.
    if (description)
    {
      script_id(78342);
      script_version("1.5");
      script_cvs_date("Date: 2018/04/18 15:09:35");
    
      script_cve_id("CVE-2014-5119");
      script_xref(name:"ALAS", value:"2014-399");
    
      script_name(english:"Amazon Linux AMI : glibc (ALAS-2014-399)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      # Advisory wording: the precondition is an attacker who can already get
      # iconv_open() called with a crafted charset name in the target process.
      script_set_attribute(
        attribute:"description", 
        value:
    "An off-by-one heap-based buffer overflow flaw was found in glibc's
    internal __gconv_translit_find() function. An attacker able to make an
    application call the iconv_open() function with a specially crafted
    argument could possibly use this flaw to execute arbitrary code with
    the privileges of that application."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2014-399.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update glibc' to update your system."
      );
      # NOTE(review): AV:N (network) although the description above requires
      # an attacker who can already drive iconv_open() in a target process and
      # the public exploit for this CVE (EDB-34421) is local. Treat this as
      # the vendor's CVSS2 score, not as evidence of a remote trigger.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      # "local" = credentialed check; the CPE list mirrors the nine packages
      # compared by rpm_check() in the body below.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-debuginfo-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/09/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      # The three KB keys are populated by ssh_get_info.nasl; the body audits
      # out if any of them is missing.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
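    # Gate on credentialed local checks and on the host being the Amazon
    # Linux AMI product line that ALAS-2014-399 was issued for.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    # The release token is "AL" followed by either "A" or a digit; only the
    # "A" form is in scope here, any other capture is reported as wrong OS.
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    # Fix: the original carried `if (os_ver == 'A') os_ver = 'AMI';` inside
    # this branch, which could never execute because the branch is only
    # entered when os_ver != "A". Removed as dead code; the audit is unchanged.
    if (os_ver != "A") audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Fixed package versions from ALAS-2014-399; all nine share one NVR.
    fixed_pkgs = make_list(
      "glibc-2.17-55.85.amzn1",
      "glibc-common-2.17-55.85.amzn1",
      "glibc-debuginfo-2.17-55.85.amzn1",
      "glibc-debuginfo-common-2.17-55.85.amzn1",
      "glibc-devel-2.17-55.85.amzn1",
      "glibc-headers-2.17-55.85.amzn1",
      "glibc-static-2.17-55.85.amzn1",
      "glibc-utils-2.17-55.85.amzn1",
      "nscd-2.17-55.85.amzn1"
    );
    
    # Every rpm_check() that fires marks the host vulnerable; only the
    # non-zero-ness of the count matters.
    flag = 0;
    foreach pkg (fixed_pkgs)
      if (rpm_check(release:"ALA", reference:pkg)) flag++;
    
    if (flag)
    {
      # Verbose scans get the per-package installed-vs-fixed comparison.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Distinguish "checked and already patched" from "glibc not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc");
    }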
    
  • NASL family: OracleVM Local Security Checks
    NASL id: ORACLEVM_OVMSA-2014-0033.NASL
    description: The remote OracleVM system is missing necessary patches to address critical security updates : - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Switch gettimeofday from INTUSE to libc_hidden_proto (#1099025). - Fix stack overflow due to large AF_INET6 requests (CVE-2013-4458, #1111460). - Fix buffer overflow in readdir_r (CVE-2013-4237, #1111460). - Fix memory order when reading libgcc handle (#905941). - Fix format specifier in malloc_info output (#1027261). - Fix nscd lookup for innetgr when netgroup has wildcards (#1054846). - Add mmap usage to malloc_info output (#1027261). - Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (#1087833). - [ppc] Add VDSO IFUNC for gettimeofday (#1028285). - [ppc] Fix ftime gettimeofday internal call returning bogus data (#1099025). - Also relocate in dependency order when doing symbol dependency testing (#1019916). - Fix infinite loop in nscd when netgroup is empty (#1085273). - Provide correct buffer length to netgroup queries in nscd (#1074342). - Return NULL for wildcard values in getnetgrent from nscd (#1085289). - Avoid overlapping addresses to stpcpy calls in nscd (#1082379). - Initialize all of datahead structure in nscd (#1074353). - Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1044628). - Do not fail if one of the two responses to AF_UNSPEC fails (#845218). - nscd: Make SELinux checks dynamic (#1025933). - Fix race in free of fastbin chunk (#1027101). - Fix copy relocations handling of unique objects (#1032628). - Fix encoding name for IDN in getaddrinfo (#981942). - Fix return code from getent netgroup when the netgroup is not found (#1039988). - Fix handling of static TLS in dlopen (truncated on this page; the full advisory text is in the plugin code below)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79548
    published: 2014-11-26
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79548
    title: OracleVM 3.3 : glibc (OVMSA-2014-0033)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2014-0033.
    #
    
    include("compat.inc");
    
    # Registration branch for the OVMSA-2014-0033 check. This advisory bundles
    # four CVEs; CVE-2014-5119 is only one of them, so a hit from this plugin
    # does not by itself say which of the four the host is missing.
    if (description)
    {
      script_id(79548);
      script_version("1.8");
      script_cvs_date("Date: 2019/09/27 13:00:34");
    
      script_cve_id("CVE-2013-4237", "CVE-2013-4458", "CVE-2014-0475", "CVE-2014-5119");
      script_bugtraq_id(61729, 63299, 68505, 68983, 69738);
    
      script_name(english:"OracleVM 3.3 : glibc (OVMSA-2014-0033)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      # Changelog text copied verbatim from the Oracle errata, including its
      # broken parentheticals on the CVE-2014-5119 / CVE-2014-0475 entries.
      # Note the fix strategy for CVE-2014-5119: loadable transliteration
      # module support is removed outright rather than the off-by-one patched.
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates :
    
      - Remove gconv transliteration loadable modules support
        (CVE-2014-5119, - _nl_find_locale: Improve handling of
        crafted locale names (CVE-2014-0475, 
    
      - Switch gettimeofday from INTUSE to libc_hidden_proto
        (#1099025).
    
      - Fix stack overflow due to large AF_INET6 requests
        (CVE-2013-4458, #1111460).
    
      - Fix buffer overflow in readdir_r (CVE-2013-4237,
        #1111460).
    
      - Fix memory order when reading libgcc handle (#905941).
    
      - Fix format specifier in malloc_info output (#1027261).
    
      - Fix nscd lookup for innetgr when netgroup has wildcards
        (#1054846).
    
      - Add mmap usage to malloc_info output (#1027261).
    
      - Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer
        (#1087833).
    
      - [ppc] Add VDSO IFUNC for gettimeofday (#1028285).
    
      - [ppc] Fix ftime gettimeofday internal call returning
        bogus data (#1099025).
    
      - Also relocate in dependency order when doing symbol
        dependency testing (#1019916).
    
      - Fix infinite loop in nscd when netgroup is empty
        (#1085273).
    
      - Provide correct buffer length to netgroup queries in
        nscd (#1074342).
    
      - Return NULL for wildcard values in getnetgrent from nscd
        (#1085289).
    
      - Avoid overlapping addresses to stpcpy calls in nscd
        (#1082379).
    
      - Initialize all of datahead structure in nscd (#1074353).
    
      - Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN
        (#1044628).
    
      - Do not fail if one of the two responses to AF_UNSPEC
        fails (#845218).
    
      - nscd: Make SELinux checks dynamic (#1025933).
    
      - Fix race in free of fastbin chunk (#1027101).
    
      - Fix copy relocations handling of unique objects
        (#1032628).
    
      - Fix encoding name for IDN in getaddrinfo (#981942).
    
      - Fix return code from getent netgroup when the netgroup
        is not found (#1039988).
    
      - Fix handling of static TLS in dlopen'ed objects
        (#995972).
    
      - Don't use alloca in addgetnetgrentX (#1043557).
    
      - Adjust pointers to triplets in netgroup query data
        (#1043557)."
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2014-November/000229.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bed5f80b"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected glibc / glibc-common / nscd packages."
      );
      # NOTE(review): AV:N is the vendor's advisory-wide score; the public
      # exploit for CVE-2014-5119 (EDB-34421) is local, and E:POC below refers
      # to that proof of concept.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:glibc-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3");
    
      # vuln_publication_date predates CVE-2014-5119 (2014); presumably it is
      # the earliest of the four bundled CVEs - not verifiable from here.
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions: credentialed checks ran, the release string identifies
    # OracleVM 3.3 exactly, and a package list is in the KB.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    ovm_release = get_kb_item("Host/OracleVM/release");
    if (isnull(ovm_release) || "OVS" >!< ovm_release) audit(AUDIT_OS_NOT, "OracleVM");
    # Accept "OVS3.3" optionally followed by ".<digit>", nothing else.
    if (!preg(pattern:"^OVS3\.3(\.[0-9]|$)", string:ovm_release)) audit(AUDIT_OS_NOT, "OracleVM 3.3", "OracleVM " + ovm_release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86 is covered at all, and only x86_64 has fixed packages; the two
    # audits deliberately give different reasons for the two cases.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    is_x86_64 = ("x86_64" >< cpu);
    is_i386 = (cpu =~ "^i[3-6]86$");
    if (!is_x86_64 && !is_i386) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if (!is_x86_64) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    # Fixed NVR from OVMSA-2014-0033, shared by all three packages.
    fixed_nvr = "2.12-1.149.el6";
    vuln_count = 0;
    foreach pkg_name (make_list("glibc", "glibc-common", "nscd"))
      if (rpm_check(release:"OVS3.3", reference:pkg_name + "-" + fixed_nvr)) vuln_count++;
    
    if (vuln_count)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Separate "glibc present and patched" from "glibc not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / nscd");
    }
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2014-175.NASL
    description: Multiple vulnerabilities have been found and corrected in glibc : When converting IBM930 code with iconv(), if IBM930 code which includes invalid multibyte character 0xffff is specified, then iconv() segfaults (CVE-2012-6656). Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules (CVE-2014-5119). Crashes were reported in the IBM code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364) (CVE-2014-6040). The updated packages have been patched to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77654
    published: 2014-09-12
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77654
    title: Mandriva Linux Security Advisory : glibc (MDVSA-2014:175)
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2014:175. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Registration branch for MDVSA-2014:175 (Mandriva Business Server 1).
    # Three CVEs are bundled; CVE-2014-5119 is the only one with code
    # execution impact, the other two are iconv() crashes.
    if (description)
    {
      script_id(77654);
      script_version("1.7");
      script_cvs_date("Date: 2019/08/02 13:32:56");
    
      script_cve_id("CVE-2012-6656", "CVE-2014-5119", "CVE-2014-6040");
      script_bugtraq_id(68983, 69470, 69472);
      script_xref(name:"MDVSA", value:"2014:175");
    
      script_name(english:"Mandriva Linux Security Advisory : glibc (MDVSA-2014:175)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      # Advisory text reproduced as published (including "has been found").
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities has been found and corrected in glibc :
    
    When converting IBM930 code with iconv(), if IBM930 code which
    includes invalid multibyte character 0xffff is specified, then iconv()
    segfaults (CVE-2012-6656).
    
    Off-by-one error in the __gconv_translit_find function in
    gconv_trans.c in GNU C Library (aka glibc) allows context-dependent
    attackers to cause a denial of service (crash) or execute arbitrary
    code via vectors related to the CHARSET environment variable and gconv
    transliteration modules (CVE-2014-5119).
    
    Crashes were reported in the IBM code page decoding functions (IBM933,
    IBM935, IBM937, IBM939, IBM1364) (CVE-2014-6040).
    
    The updated packages have been patched to correct these issues."
      );
      # References: oss-sec disclosure thread, the Red Hat bug and erratum,
      # and the two upstream sourceware bugs.
      script_set_attribute(
        attribute:"see_also",
        value:"https://seclists.org/oss-sec/2014/q3/485"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1135841"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:1110"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://sourceware.org/bugzilla/show_bug.cgi?id=14134"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://sourceware.org/bugzilla/show_bug.cgi?id=17325"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # NOTE(review): AV:N is the advisory-wide vendor score; the public
      # exploit for CVE-2014-5119 (EDB-34421) is local. RC:ND = report
      # confidence not defined.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:ND");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-doc-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-i18ndata");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-profile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/09/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      # Unlike the OracleVM/Amazon plugins this one also requires Host/cpu,
      # because the body restricts the check to x86 builds.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
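    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Fix: this audit message read "Mandake"; spelling aligned with the
    # architecture audit below so both report the same OS name.
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only the x86 builds are covered by this advisory.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    # MDVSA-2014:175 package set for Mandriva Business Server 1. Binary
    # packages are pinned to the x86_64 build (cpu:"x86_64"); the two -doc
    # packages carry no cpu constraint. Order is kept so rpm_report_get()
    # output stays the same as before.
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"glibc-2.14.1-12.9.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"glibc-devel-2.14.1-12.9.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"glibc-doc-2.14.1-12.9.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"glibc-doc-pdf-2.14.1-12.9.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"glibc-i18ndata-2.14.1-12.9.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"glibc-profile-2.14.1-12.9.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"glibc-static-devel-2.14.1-12.9.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"glibc-utils-2.14.1-12.9.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"nscd-2.14.1-12.9.mbs1")) flag++;
    
    if (flag)
    {
      # Verbose scans get the per-package installed-vs-fixed comparison.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    # Older template: no pkg_tests_get() split between "patched" and "not
    # installed" - either way the host is reported as not affected.
    else audit(AUDIT_HOST_NOT, "affected");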
    
  • NASL family: OracleVM Local Security Checks
    NASL id: ORACLEVM_OVMSA-2015-0024.NASL
    description: The remote OracleVM system is missing necessary patches to address critical security updates : - Switch to use malloc when the input line is too long [Orabug 19951108] - Use a /sys/devices/system/cpu/online for _SC_NPROCESSORS_ONLN implementation [Orabug 17642251] (Joe Jin) - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183532). - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Fix patch for integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Fix return code when starting an already started nscd daemon (#979413). - Fix getnameinfo for many PTR record queries (#1020486). - Return EINVAL error for negative sizees to getgroups (#995207). - Fix integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Add support for newer L3 caches on x86-64 and correctly count the number of hardware threads sharing a cacheline (#1003420). - Revert incomplete fix for bug #758193. - Fix _nl_find_msg malloc failure case, and callers (#957089). - Test on init_fct, not result->__init_fct, after demangling (#816647). - Don (truncated on this page; the full advisory text is in the plugin code below)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81119
    published: 2015-02-02
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81119
    title: OracleVM 2.2 : glibc (OVMSA-2015-0024) (GHOST)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2015-0024.
    #
    
    include("compat.inc");
    
    # Registration branch for OVMSA-2015-0024 (OracleVM 2.2). This is a
    # cumulative glibc update carrying six CVEs; the headline item is GHOST
    # (CVE-2015-0235) and most of the exploit/CVSS attributes below describe
    # that one, not CVE-2014-5119. A hit from this plugin means the host is
    # missing the whole bundle.
    if (description)
    {
      script_id(81119);
      script_version("1.18");
      script_cvs_date("Date: 2019/09/27 13:00:34");
    
      script_cve_id("CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4332", "CVE-2014-0475", "CVE-2014-5119", "CVE-2015-0235");
      script_bugtraq_id(57638, 58839, 62324, 68505, 68983, 69738, 72325);
    
      script_name(english:"OracleVM 2.2 : glibc (OVMSA-2015-0024) (GHOST)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      # Changelog text copied verbatim from the Oracle errata, including its
      # broken parentheticals on the CVE-2014-5119 / CVE-2014-0475 entries and
      # the duplicated CVE-2013-4332 line. As in OVMSA-2014-0033 the
      # CVE-2014-5119 fix removes loadable transliteration module support.
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates :
    
      - Switch to use malloc when the input line is too long
        [Orabug 19951108]
    
      - Use a /sys/devices/system/cpu/online for
        _SC_NPROCESSORS_ONLN implementation [Orabug 17642251]
        (Joe Jin)
    
      - Fix parsing of numeric hosts in gethostbyname_r
        (CVE-2015-0235, #1183532).
    
      - Remove gconv transliteration loadable modules support
        (CVE-2014-5119, - _nl_find_locale: Improve handling of
        crafted locale names (CVE-2014-0475, 
    
      - Fix patch for integer overflows in *valloc and memalign.
        (CVE-2013-4332, #1011805).
    
      - Fix return code when starting an already started nscd
        daemon (#979413).
    
      - Fix getnameinfo for many PTR record queries (#1020486).
    
      - Return EINVAL error for negative sizees to getgroups
        (#995207).
    
      - Fix integer overflows in *valloc and memalign.
        (CVE-2013-4332, #1011805).
    
      - Add support for newer L3 caches on x86-64 and correctly
        count the number of hardware threads sharing a cacheline
        (#1003420).
    
      - Revert incomplete fix for bug #758193.
    
      - Fix _nl_find_msg malloc failure case, and callers
        (#957089).
    
      - Test on init_fct, not result->__init_fct, after
        demangling (#816647).
    
      - Don't handle ttl == 0 specially (#929035).
    
      - Fix multibyte character processing crash in regexp
        (CVE-2013-0242, #951132)
    
      - Fix getaddrinfo stack overflow resulting in application
        crash (CVE-2013-1914, #951132)
    
      - Add missing patch to avoid use after free (#816647)
    
      - Fix race in initgroups compat_call (#706571)
    
      - Fix return value from getaddrinfo when servers are down.
        (#758193)
    
      - Fix fseek on wide character streams. Sync's seeking code
        with RHEL 6 (#835828)
    
      - Call feraiseexcept only if exceptions are not masked
        (#861871).
    
      - Always demangle function before checking for NULL value.
        (#816647).
    
      - Do not fail in ttyname if /proc is not available
        (#851450).
    
      - Fix errno for various overflow situations in vfprintf.
        Add missing overflow checks. (#857387)
    
      - Handle failure of _nl_explode_name in all cases
        (#848481)
    
      - Define the default fuzz factor to 2 to make it easier to
        manipulate RHEL 5 RPMs on RHEL 6 and newer systems.
    
      - Fix race in intl/* testsuite (#849202)
    
      - Fix out of bounds array access in strto* exposed by
        847930 patch.
    
      - Really fix POWER4 strncmp crash (#766832).
    
      - Fix integer overflow leading to buffer overflow in
        strto* (#847930)
    
      - Fix race in msort/qsort (#843672)
    
      - Fix regression due to 797096 changes (#845952)
    
      - Do not use PT_IEEE_IP ptrace calls (#839572)
    
      - Update ULPs (#837852)
    
      - Fix various transcendentals in non-default rounding
        modes (#837852)
    
      - Fix unbound alloca in vfprintf (#826947)
    
      - Fix iconv segfault if the invalid multibyte character
        0xffff is input when converting from IBM930. (#823905)
    
      - Fix fnmatch when '*' wildcard is applied on a file name
        containing multibyte chars. (#819430)
    
      - Fix unbound allocas use in glob_in_dir, getaddrinfo and
        others. (#797096)
    
      - Fix segfault when running ld.so --verify on some DSO's
        in current working directory. (#808342)
    
      - Incorrect initialization order for dynamic loader
        (#813348)
    
      - Fix return code when stopping already stopped nscd
        daemon (#678227)
    
      - Remove MAP_32BIT for pthread stack mappings, use
        MAP_STACK instead (#641094)
    
      - Fix setuid vs sighandler_setxid race (#769852)
    
      - Fix access after end of search string in regex matcher
        (#757887)
    
      - Fix POWER4 strncmp crash (#766832)
    
      - Fix SC_*CACHE detection for X5670 cpus (#692182)
    
      - Fix parsing IPV6 entries in /etc/resolv.conf (#703239)
    
      - Fix double-free in nss_nis code (#500767)
    
      - Add kernel VDSO support for s390x (#795896)
    
      - Fix race in malloc arena creation and make
        implementation match documented behaviour (#800240)
    
      - Do not override TTL of CNAME with TTL of its alias
        (#808014)
    
      - Fix short month names in fi_FI locale #(657266).
    
      - Fix nscd crash for group with large number of members
        (#788989)
    
      - Fix Slovakia currency (#799853)
    
      - Fix getent malloc failure check (#806403)
    
      - Fix short month names in zh_CN locale (#657588)
    
      - Fix decimal point symbol for Portuguese currency
        (#710216)
    
      - Avoid integer overflow in sbrk (#767358)
    
      - Avoid race between [,__de]allocate_stack and
        __reclaim_stacks during fork (#738665)
    
      - Fix race between IO_flush_all_lockp & pthread_cancel
        (#751748)
    
      - Fix memory leak in NIS endgrent (#809325)
    
      - Allow getaddr to accept SCTP socket types in hints
        (#765710)
    
      - Fix errno handling in vfprintf (#794814)
    
      - Filter out <built-in> when building file lists
        (#784646).
    
      - Avoid 'nargs' integer overflow which could be used to
        bypass FORTIFY_SOURCE (#794814)
    
      - Fix currency_symbol for uk_UA (#639000)"
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2015-January/000261.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b908cf01"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected glibc / glibc-common / nscd packages."
      );
      # NOTE(review): this vector (AC:H, complete C/I/A) differs from the
      # AV:N/AC:L/C:P/I:P/A:P used for CVE-2014-5119 elsewhere on this page;
      # it appears to be the advisory-wide score driven by GHOST. The
      # Metasploit module and "exploited_by_malware" flags below are named
      # for GHOST (gethostbyname) and do not describe CVE-2014-5119, whose
      # only public exploit is the local EDB-34421.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:glibc-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:2.2");
    
      # vuln_publication_date predates CVE-2014-5119 (2014); presumably the
      # earliest of the six bundled CVEs - not verifiable from here.
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/01/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/02");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Check body.  Runs only outside description mode and needs credentialed
    # local checks plus the OracleVM release string and rpm inventory that
    # ssh_get_info.nasl stores in the KB.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    # Only OVS 2.2 (optionally with a third version component) is covered.
    if (! preg(pattern:"^OVS2\.2(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 2.2", "OracleVM " + release);
    
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Fixed packages exist for x86 and x86_64 only; any other CPU is a
    # "not implemented" audit rather than a finding.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    
    # Every affected package shares one fixed build; rpm_check() flags an
    # installed version older than "<pkg>-<fixed>".
    fixed_build = "2.5-123.0.1.el5_11.1";
    outdated = 0;
    foreach pkg (make_list("glibc", "glibc-common", "nscd"))
    {
      if (rpm_check(release:"OVS2.2", reference:pkg + "-" + fixed_build)) outdated++;
    }
    
    if (outdated)
    {
      # With report_verbosity > 0 the per-package comparison is attached to the finding.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Distinguish "installed and patched" from "not installed at all".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / nscd");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140829_GLIBC_ON_SL5_X.NASL
    descriptionAn off-by-one heap-based buffer overflow flaw was found in glibc
    last seen2020-03-18
    modified2014-08-30
    plugin id77465
    published2014-08-30
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77465
    titleScientific Linux Security Update : glibc on SL5.x, SL6.x i386/x86_64 (20140829)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    # Registration pass: when the engine loads the plugin in description mode,
    # only this block runs (it ends with exit(0)); the rpm checks below it never
    # execute in that mode.
    if (description)
    {
      script_id(77465);
      script_version("1.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # Two CVEs from the same errata: the __gconv_translit_find() off-by-one
      # and the locale-file directory traversal described below.
      script_cve_id("CVE-2014-0475", "CVE-2014-5119");
    
      script_name(english:"Scientific Linux Security Update : glibc on SL5.x, SL6.x i386/x86_64 (20140829)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An off-by-one heap-based buffer overflow flaw was found in glibc's
    internal __gconv_translit_find() function. An attacker able to make an
    application call the iconv_open() function with a specially crafted
    argument could possibly use this flaw to execute arbitrary code with
    the privileges of that application. (CVE-2014-5119)
    
    A directory traversal flaw was found in the way glibc loaded locale
    files. An attacker able to make an application use a specially crafted
    locale name value (for example, specified in an LC_* environment
    variable) could possibly use this flaw to execute arbitrary code with
    the privileges of that application. (CVE-2014-0475)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1408&L=scientific-linux-errata&T=0&P=1436
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f1bde0d0"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # One CVSS v2 base vector covers both CVEs; no temporal vector or
      # exploit-availability attributes are set on this plugin.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      # One CPE per package the rpm checks cover, plus the OS itself.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nscd");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/08/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      # KB keys the check body reads; Host/cpu gates the architecture and
      # Host/RedHat/release carries the Scientific Linux release string.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
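    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Check body.  Needs credentialed local checks plus the Red Hat-style
    # release string and rpm inventory that ssh_get_info.nasl stores in the KB.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    # Both the SL5 and the SL6 package sets are checked below (and the plugin
    # title covers both), so accept either major version here.  Gating on 6.x
    # alone made every SL5 host audit out before the rpm checks, leaving the
    # SL5 references unreachable.
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x / 6.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Fixed packages exist for i386 and x86_64 only.  NASL's ">!<" tests
    # "left operand is not a substring of the right", so the literal belongs on
    # the left, matching the sibling plugins on this page; the reversed form
    # would accept any cpu string that happens to be a substring of "x86_64".
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    # Fixed builds from the 2014-08-29 errata; rpm_check() flags an installed
    # package older than "<pkg>-<fixed>".  The SL6 set additionally ships
    # glibc-static.
    flag = 0;
    
    sl5_fixed = "2.5-118.el5_10.3";
    foreach pkg (make_list("glibc", "glibc-common", "glibc-debuginfo", "glibc-debuginfo-common", "glibc-devel", "glibc-headers", "glibc-utils", "nscd"))
    {
      if (rpm_check(release:"SL5", reference:pkg + "-" + sl5_fixed)) flag++;
    }
    
    sl6_fixed = "2.12-1.132.el6_5.4";
    foreach pkg (make_list("glibc", "glibc-common", "glibc-debuginfo", "glibc-debuginfo-common", "glibc-devel", "glibc-headers", "glibc-static", "glibc-utils", "nscd"))
    {
      if (rpm_check(release:"SL6", reference:pkg + "-" + sl6_fixed)) flag++;
    }
    
    
    if (flag)
    {
      # Report every outdated package in one finding.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      # Distinguish "installed and patched" from "not installed at all".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc");
    }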
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3012.NASL
    descriptionTavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian
    last seen2020-03-17
    modified2014-08-28
    plugin id77418
    published2014-08-28
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77418
    titleDebian DSA-3012-1 : eglibc - security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-3012. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: in description mode only this block runs (it ends with
    # exit(0)); the dpkg checks below it never execute in that mode.
    if (description)
    {
      script_id(77418);
      script_version("1.12");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2014-5119");
      script_bugtraq_id(68983);
      script_xref(name:"DSA", value:"3012");
    
      script_name(english:"Debian DSA-3012-1 : eglibc - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      # Per the DSA text, Debian's fix removes loadable gconv transliteration
      # module support altogether rather than only correcting the off-by-one;
      # this plugin detects the fix by package version alone.
      script_set_attribute(
        attribute:"description", 
        value:
    "Tavis Ormandy discovered a heap-based buffer overflow in the
    transliteration module loading code in eglibc, Debian's version of the
    GNU C Library. As a result, an attacker who can supply a crafted
    destination character set argument to iconv-related character
    conversation functions could achieve arbitrary code execution.
    
    This update removes support of loadable gconv transliteration modules.
    Besides the security vulnerability, the module loading code had
    functionality defects which prevented it from working for the intended
    purpose."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/eglibc"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2014/dsa-3012"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the eglibc packages.
    
    For the stable distribution (wheezy), this problem has been fixed in
    version 2.13-38+deb7u4."
      );
      # CVSS v2 base vector plus a temporal vector whose E:POC component
      # (proof-of-concept exploit) matches the exploit_available flag below.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      # CPEs name the source package and the OS; the dpkg checks below cover
      # each binary package built from that source.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:eglibc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/08/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      # KB keys the check body reads, all populated by ssh_get_info.nasl.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Check body.  Needs credentialed local checks plus the Debian release
    # string and the dpkg -l inventory that ssh_get_info.nasl stores in the KB.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Every binary package built from the wheezy eglibc source shares the one
    # fixed version from DSA-3012; deb_check() flags an installed package that
    # is older than it.
    fixed_version = "2.13-38+deb7u4";
    affected_packages = make_list(
      "eglibc-source", "glibc-doc", "libc-bin", "libc-dev-bin",
      "libc0.1", "libc0.1-dbg", "libc0.1-dev", "libc0.1-dev-i386",
      "libc0.1-i386", "libc0.1-i686", "libc0.1-pic", "libc0.1-prof",
      "libc6", "libc6-amd64", "libc6-dbg", "libc6-dev",
      "libc6-dev-amd64", "libc6-dev-i386", "libc6-dev-mips64", "libc6-dev-mipsn32",
      "libc6-dev-ppc64", "libc6-dev-s390", "libc6-dev-s390x", "libc6-dev-sparc64",
      "libc6-i386", "libc6-i686", "libc6-loongson2f", "libc6-mips64",
      "libc6-mipsn32", "libc6-pic", "libc6-ppc64", "libc6-prof",
      "libc6-s390", "libc6-s390x", "libc6-sparc64", "libc6-xen",
      "libc6.1", "libc6.1-dbg", "libc6.1-dev", "libc6.1-pic",
      "libc6.1-prof", "locales", "locales-all", "multiarch-support",
      "nscd"
    );
    
    outdated = 0;
    foreach package (affected_packages)
    {
      if (deb_check(release:"7.0", prefix:package, reference:fixed_version)) outdated++;
    }
    
    if (outdated)
    {
      # With report_verbosity > 0 the per-package comparison is attached to the finding.
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2014-296-01.NASL
    descriptionNew glibc packages are available for Slackware 14.1 and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id78656
    published2014-10-24
    reporterThis script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/78656
    titleSlackware 14.1 / current : glibc (SSA:2014-296-01)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Slackware Security Advisory 2014-296-01. The text 
    # itself is copyright (C) Slackware Linux, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: in description mode only this block runs (it ends with
    # exit(0)); the package checks below it never execute in that mode.
    if (description)
    {
      script_id(78656);
      script_version("$Revision: 1.3 $");
      script_cvs_date("$Date: 2015/01/28 19:00:57 $");
    
      # SSA:2014-296-01 rolls up nine glibc CVEs; CVE-2014-5119 is one of them.
      script_cve_id("CVE-2012-4412", "CVE-2012-4424", "CVE-2013-4237", "CVE-2013-4458", "CVE-2013-4788", "CVE-2014-0475", "CVE-2014-4043", "CVE-2014-5119", "CVE-2014-6040");
      script_xref(name:"SSA", value:"2014-296-01");
    
      script_name(english:"Slackware 14.1 / current : glibc (SSA:2014-296-01)");
      script_summary(english:"Checks for updated packages in /var/log/packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New glibc packages are available for Slackware 14.1 and -current to
    fix security issues."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.647059
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5118ccd5"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # One CVSS v2 base vector for the whole advisory; no temporal vector,
      # exploit flags or vuln_publication_date are set on this plugin.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      # One CPE per package the checks cover, plus the OS (generic and 14.1).
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc-i18n");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc-profile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc-solibs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc-zoneinfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.");
      script_family(english:"Slackware Local Security Checks");
    
      # KB keys the check body reads, all populated by ssh_get_info.nasl.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");
    
    
    # Check body.  Needs credentialed local checks plus the Slackware release
    # string and the /var/log/packages listing that ssh_get_info.nasl stores
    # in the KB.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Fixed packages exist for x86 and x86_64 only.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);
    
    
    # Fixed builds per the advisory: glibc 2.17 build 8_slack14.1 on 14.1 and
    # glibc 2.20 build 1 on -current; glibc-zoneinfo is a separate noarch
    # package (2014i) with its own build number.  The x86_64 calls additionally
    # pass arch:"x86_64" so slackware_check() matches the 64-bit package tree.
    glibc_ver_141 = "2.17";
    glibc_build_141 = "8_slack14.1";
    zone_build_141 = "1_slack14.1";
    glibc_ver_cur = "2.20";
    glibc_build_cur = "1";
    zone_build_cur = "1";
    zone_ver = "2014i";
    glibc_pkgs = make_list("glibc", "glibc-i18n", "glibc-profile", "glibc-solibs");
    
    outdated = 0;
    
    # Slackware 14.1, 32-bit.
    foreach pkg (glibc_pkgs)
    {
      if (slackware_check(osver:"14.1", pkgname:pkg, pkgver:glibc_ver_141, pkgarch:"i486", pkgnum:glibc_build_141)) outdated++;
    }
    if (slackware_check(osver:"14.1", pkgname:"glibc-zoneinfo", pkgver:zone_ver, pkgarch:"noarch", pkgnum:zone_build_141)) outdated++;
    
    # Slackware 14.1, x86_64.
    foreach pkg (glibc_pkgs)
    {
      if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:pkg, pkgver:glibc_ver_141, pkgarch:"x86_64", pkgnum:glibc_build_141)) outdated++;
    }
    if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"glibc-zoneinfo", pkgver:zone_ver, pkgarch:"noarch", pkgnum:zone_build_141)) outdated++;
    
    # Slackware -current, 32-bit.
    foreach pkg (glibc_pkgs)
    {
      if (slackware_check(osver:"current", pkgname:pkg, pkgver:glibc_ver_cur, pkgarch:"i486", pkgnum:glibc_build_cur)) outdated++;
    }
    if (slackware_check(osver:"current", pkgname:"glibc-zoneinfo", pkgver:zone_ver, pkgarch:"noarch", pkgnum:zone_build_cur)) outdated++;
    
    # Slackware -current, x86_64.
    foreach pkg (glibc_pkgs)
    {
      if (slackware_check(osver:"current", arch:"x86_64", pkgname:pkg, pkgver:glibc_ver_cur, pkgarch:"x86_64", pkgnum:glibc_build_cur)) outdated++;
    }
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"glibc-zoneinfo", pkgver:zone_ver, pkgarch:"noarch", pkgnum:zone_build_cur)) outdated++;
    
    
    if (outdated)
    {
      # With report_verbosity > 0 the per-package comparison is attached to the finding.
      if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-1110.NASL
    descriptionUpdated glibc packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc
    last seen2020-06-01
    modified2020-06-02
    plugin id77439
    published2014-08-30
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77439
    titleCentOS 5 / 6 / 7 : glibc (CESA-2014:1110)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:1110 and 
    # CentOS Errata and Security Advisory 2014:1110 respectively.
    #
    
    include("compat.inc");
    
    # Registration pass: in description mode only this block runs (it ends with
    # exit(0)); the rpm checks below it never execute in that mode.
    if (description)
    {
      script_id(77439);
      script_version("1.13");
      script_cvs_date("Date: 2020/01/06");
    
      # Two CVEs from RHSA-2014:1110: the __gconv_translit_find() off-by-one
      # and the locale-file directory traversal described below.
      script_cve_id("CVE-2014-0475", "CVE-2014-5119");
      script_bugtraq_id(68505, 68983);
      script_xref(name:"RHSA", value:"2014:1110");
    
      script_name(english:"CentOS 5 / 6 / 7 : glibc (CESA-2014:1110)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated glibc packages that fix two security issues are now available
    for Red Hat Enterprise Linux 5, 6, and 7.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The glibc packages contain the standard C libraries used by multiple
    programs on the system. These packages contain the standard C and the
    standard math libraries. Without these two libraries, a Linux system
    cannot function properly.
    
    An off-by-one heap-based buffer overflow flaw was found in glibc's
    internal __gconv_translit_find() function. An attacker able to make an
    application call the iconv_open() function with a specially crafted
    argument could possibly use this flaw to execute arbitrary code with
    the privileges of that application. (CVE-2014-5119)
    
    A directory traversal flaw was found in the way glibc loaded locale
    files. An attacker able to make an application use a specially crafted
    locale name value (for example, specified in an LC_* environment
    variable) could possibly use this flaw to execute arbitrary code with
    the privileges of that application. (CVE-2014-0475)
    
    Red Hat would like to thank Stephane Chazelas for reporting
    CVE-2014-0475.
    
    All glibc users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues."
      );
      # One CentOS announcement per major release (5, 6, 7).
      # https://lists.centos.org/pipermail/centos-announce/2014-August/020518.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f3b6ebde"
      );
      # https://lists.centos.org/pipermail/centos-announce/2014-August/020519.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?10de64c9"
      );
      # https://lists.centos.org/pipermail/centos-announce/2014-August/020520.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?11a699a3"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected glibc packages."
      );
      # The CVSS vectors are taken from CVE-2014-5119 (cvss_score_source),
      # not from CVE-2014-0475; E:POC in the temporal vector matches the
      # exploit_available flag below.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-5119");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      # One CPE per package the rpm checks cover, plus each supported OS major.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/08/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      # KB keys the check body reads, all populated by ssh_get_info.nasl.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x / 6.x / 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"glibc-2.5-118.el5_10.3")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"glibc-common-2.5-118.el5_10.3")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"glibc-devel-2.5-118.el5_10.3")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"glibc-headers-2.5-118.el5_10.3")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"glibc-utils-2.5-118.el5_10.3")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"nscd-2.5-118.el5_10.3")) flag++;
    
    if (rpm_check(release:"CentOS-6", reference:"glibc-2.12-1.132.el6_5.4")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"glibc-common-2.12-1.132.el6_5.4")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"glibc-devel-2.12-1.132.el6_5.4")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"glibc-headers-2.12-1.132.el6_5.4")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"glibc-static-2.12-1.132.el6_5.4")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"glibc-utils-2.12-1.132.el6_5.4")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"nscd-2.12-1.132.el6_5.4")) flag++;
    
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"glibc-2.17-55.el7_0.1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"glibc-common-2.17-55.el7_0.1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"glibc-devel-2.17-55.el7_0.1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"glibc-headers-2.17-55.el7_0.1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"glibc-static-2.17-55.el7_0.1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"glibc-utils-2.17-55.el7_0.1")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"nscd-2.17-55.el7_0.1")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc");
    }
    
• NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2014-1119-1.NASL
description: This glibc update fixes a critical privilege escalation problem and the following security and non-security issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#772242: Replace scope handing with master state - bnc#779320: Fix buffer overflow in strcoll (CVE-2012-4412) - bnc#818630: Fall back to localhost if no nameserver defined - bnc#828235: Fix missing character in IBM-943 charset - bnc#828637: Fix use of alloca in gaih_inet - bnc#834594: Fix readdir_r with long file names (CVE-2013-4237) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-05-20
    plugin id83634
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83634
title: SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1119-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2014:1119-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
# Plugin registration. The scanner sets `description` when it only wants the
# plugin's metadata; the block ends in exit(0), so none of the host checks
# further down run in that mode.
if (description)
{
  script_id(83634);
  script_version("2.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  # SUSE-SU-2014:1119-1 bundles three CVEs: the gconv_translit_find()
  # off-by-one (CVE-2014-5119) plus the older strcoll (CVE-2012-4412) and
  # readdir_r (CVE-2013-4237) fixes named in the advisory text below.
  script_cve_id("CVE-2012-4412", "CVE-2013-4237", "CVE-2014-5119");
  script_bugtraq_id(55462, 61729, 68983, 69738);

  script_name(english:"SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1119-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  # The description is the SUSE advisory quoted verbatim (copyright SUSE) and
  # is what the scan report shows; it is runtime text, not a comment.
  script_set_attribute(
    attribute:"description", 
    value:
"This glibc update fixes a critical privilege escalation problem and
the following security and non security issues :

  - bnc#892073: An off-by-one error leading to a heap-based
    buffer overflow was found in __gconv_translit_find(). An
    exploit that targets the problem is publicly available.
    (CVE-2014-5119)

  - bnc#772242: Replace scope handing with master state

  - bnc#779320: Fix buffer overflow in strcoll
    (CVE-2012-4412)

  - bnc#818630: Fall back to localhost if no nameserver
    defined

  - bnc#828235: Fix missing character in IBM-943 charset

  - bnc#828637: Fix use of alloca in gaih_inet

  - bnc#834594: Fix readdir_r with long file names
    (CVE-2013-4237)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # References: one entry per SUSE bug (bnc#) cited above, then the patch
  # finder, the per-CVE pages and the announcement. Long URLs are wrapped in
  # nessus.org redirectors; the real target is kept in the comment above each.
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=772242"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=779320"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=818630"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=828235"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=828637"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=834594"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=892073"
  );
  # https://download.suse.com/patch/finder/?keywords=767429925ce018c15cbe14c33d6a0f11
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?2e4ddbfb"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2012-4412/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2013-4237/"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-5119/"
  );
  # https://www.suse.com/support/update/announcement/2014/suse-su-20141119-1.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?9acd37d5"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected glibc packages");
  # CVSS2 base vector as published for the CVE: network / low complexity /
  # no auth, partial C-I-A. NOTE(review): the advisory text describes
  # CVE-2014-5119 as a privilege-escalation problem with a public exploit,
  # i.e. a local vector; AV:N presumably assumes a service that hands an
  # attacker-chosen charset to iconv_open(). Judge exposure per host.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  # Consistent with the advisory's "exploit ... is publicly available".
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  # CPEs cover the SLES10 glibc sub-packages the body tests, plus the OS.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-i18ndata");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-info");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-profile");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:10");

  # vuln_publication_date is earlier than CVE-2014-5119 itself - presumably
  # the date of the oldest bundled CVE; verify before using it for SLA math.
  script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  # The KB keys required here are exactly the ones the detection body reads;
  # they are presumably populated by the ssh_get_info.nasl dependency.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES10)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES10", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES10" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES10 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"glibc-32bit-2.4-31.111.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"glibc-devel-32bit-2.4-31.111.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"glibc-locale-32bit-2.4-31.111.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"glibc-profile-32bit-2.4-31.111.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"glibc-32bit-2.4-31.111.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"glibc-devel-32bit-2.4-31.111.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"glibc-locale-32bit-2.4-31.111.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"glibc-profile-32bit-2.4-31.111.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-2.4-31.111.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-devel-2.4-31.111.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-html-2.4-31.111.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-i18ndata-2.4-31.111.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-info-2.4-31.111.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-locale-2.4-31.111.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-profile-2.4-31.111.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"nscd-2.4-31.111.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
    }
    
• NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2014-1118.NASL
description: Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-5119) All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id79044
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79044
title: RHEL 5 / 6 : glibc (RHSA-2014:1118)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:1118. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
# Plugin registration. The scanner sets `description` when it only wants the
# plugin's metadata; the block ends in exit(0), so the host checks further
# down never run in that mode.
if (description)
{
  script_id(79044);
  script_version("1.17");
  script_cvs_date("Date: 2019/10/24 15:35:38");

  # Single CVE, cross-referenced to its BugTraq id and the Red Hat erratum.
  script_cve_id("CVE-2014-5119");
  script_bugtraq_id(68983);
  script_xref(name:"RHSA", value:"2014:1118");

  script_name(english:"RHEL 5 / 6 : glibc (RHSA-2014:1118)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  # The description is the Red Hat advisory quoted verbatim (copyright
  # Red Hat) and is shown in the scan report; it is runtime text.
  # Note the attack precondition it states: an application must call
  # iconv_open() with an attacker-crafted argument, and the impact is code
  # execution with that application's privileges.
  script_set_attribute(
    attribute:"description", 
    value:
"Updated glibc packages that fix one security issue are now available
for Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux
5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced
Update Support, and Red Hat Enterprise Linux 6.4 Extended Update
Support.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The glibc packages contain the standard C libraries used by multiple
programs on the system. These packages contain the standard C and the
standard math libraries. Without these two libraries, a Linux system
cannot function properly.

An off-by-one heap-based buffer overflow flaw was found in glibc's
internal __gconv_translit_find() function. An attacker able to make an
application call the iconv_open() function with a specially crafted
argument could possibly use this flaw to execute arbitrary code with
the privileges of that application. (CVE-2014-5119)

All glibc users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/solutions/1176253"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2014:1118"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2014-5119"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  # CVSS2 base vector as published for the CVE: network / low complexity /
  # no auth, partial C-I-A. NOTE(review): the advisory text above requires
  # control over an iconv_open() argument, so AV:N presumably assumes a
  # network-facing caller; for a host where only local users can influence
  # charset names the effective vector is local. Rate exposure per host.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  # CPEs: the glibc sub-packages (including debuginfo) the body compares, and
  # the OS streams the erratum targets - 5.6 Long Life, 5.9 EUS, 6.2 AUS,
  # 6.4 EUS - plus generic RHEL 6.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.9");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  # The KB keys required here are the ones the detection body reads; they
  # are presumably populated by the ssh_get_info.nasl dependency.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5\.6|5\.9|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.6 / 5.9 / 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
# Two detection paths. If the scan captured "yum updateinfo", the verdict is
# taken solely from whether RHSA-2014:1118 is listed there; otherwise fall
# back to comparing installed NVRs against the EUS/AUS fixed builds.
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2014:1118";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    # NOTE(review): no package-version comparison happens on this path. A
    # host whose yum metadata is stale or lacks the EUS/AUS channel exits
    # here as "not affected" regardless of the installed glibc, so a
    # negative from this branch is only as reliable as the host's repo data.
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{  sp = get_kb_item("Host/RedHat/minor_release");
  if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");

  # The minor release picks the update stream:
  #   RHEL 5 -> 5.6 Long Life build (2.5-58.el5_6.5) or 5.9 EUS (2.5-107.el5_9.7)
  #   RHEL 6 -> 6.2 AUS build (2.12-1.47.el6_2.13) or 6.4 EUS (2.12-1.107.el6_4.6)
  # Each rpm_check() call is an (stream, cpu, package) triple generated from
  # the erratum's package list; the order below is the report order.
  flag = 0;
  if (rpm_check(release:"RHEL5", sp:"9", reference:"glibc-2.5-107.el5_9.7")) flag++;

  if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"glibc-2.5-58.el5_6.5")) flag++;

  if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"glibc-2.5-58.el5_6.5")) flag++;

  if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"glibc-2.5-58.el5_6.5")) flag++;

  if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"glibc-common-2.5-58.el5_6.5")) flag++;
  if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"glibc-common-2.5-107.el5_9.7")) flag++;

  if (rpm_check(release:"RHEL5", sp:"9", cpu:"s390x", reference:"glibc-common-2.5-107.el5_9.7")) flag++;

  if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"glibc-common-2.5-58.el5_6.5")) flag++;
  if (rpm_check(release:"RHEL5", sp:"9", cpu:"x86_64", reference:"glibc-common-2.5-107.el5_9.7")) flag++;

  if (rpm_check(release:"RHEL5", sp:"9", reference:"glibc-debuginfo-2.5-107.el5_9.7")) flag++;

  if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"glibc-debuginfo-2.5-58.el5_6.5")) flag++;

  if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"glibc-debuginfo-2.5-58.el5_6.5")) flag++;

  if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"glibc-debuginfo-2.5-58.el5_6.5")) flag++;

  if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"glibc-debuginfo-common-2.5-58.el5_6.5")) flag++;
  if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"glibc-debuginfo-common-2.5-107.el5_9.7")) flag++;

  if (rpm_check(release:"RHEL5", sp:"9", reference:"glibc-devel-2.5-107.el5_9.7")) flag++;

  if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"glibc-devel-2.5-58.el5_6.5")) flag++;

  if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"glibc-devel-2.5-58.el5_6.5")) flag++;

  if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"glibc-headers-2.5-58.el5_6.5")) flag++;
  if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"glibc-headers-2.5-107.el5_9.7")) flag++;

  if (rpm_check(release:"RHEL5", sp:"9", cpu:"s390x", reference:"glibc-headers-2.5-107.el5_9.7")) flag++;

  if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"glibc-headers-2.5-58.el5_6.5")) flag++;
  if (rpm_check(release:"RHEL5", sp:"9", cpu:"x86_64", reference:"glibc-headers-2.5-107.el5_9.7")) flag++;

  if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"glibc-utils-2.5-58.el5_6.5")) flag++;
  if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"glibc-utils-2.5-107.el5_9.7")) flag++;

  if (rpm_check(release:"RHEL5", sp:"9", cpu:"s390x", reference:"glibc-utils-2.5-107.el5_9.7")) flag++;

  if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"glibc-utils-2.5-58.el5_6.5")) flag++;
  if (rpm_check(release:"RHEL5", sp:"9", cpu:"x86_64", reference:"glibc-utils-2.5-107.el5_9.7")) flag++;

  if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"nscd-2.5-58.el5_6.5")) flag++;
  if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"nscd-2.5-107.el5_9.7")) flag++;

  if (rpm_check(release:"RHEL5", sp:"9", cpu:"s390x", reference:"nscd-2.5-107.el5_9.7")) flag++;

  if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"nscd-2.5-58.el5_6.5")) flag++;
  if (rpm_check(release:"RHEL5", sp:"9", cpu:"x86_64", reference:"nscd-2.5-107.el5_9.7")) flag++;


  # RHEL 6: the 6.2 AUS build is compared only when the minor release is
  # exactly "2". Every other 6.x minor is compared against the 6.4 EUS build
  # with no sp: constraint, so hosts on 6.0/6.1/6.3 are measured against a
  # build that was not published for them - presumably the reason
  # redhat_report_package_caveat() is appended to the report below.
  if (rpm_check(release:"RHEL6", sp:"4", reference:"glibc-2.12-1.107.el6_4.6")) flag++;

if (sp == "2") {   if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"glibc-2.12-1.47.el6_2.13")) flag++; }
  else { if (rpm_check(release:"RHEL6", cpu:"i686", reference:"glibc-2.12-1.107.el6_4.6")) flag++; }

if (sp == "2") {   if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"glibc-2.12-1.47.el6_2.13")) flag++; }
  else { if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"glibc-2.12-1.107.el6_4.6")) flag++; }

  if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"glibc-common-2.12-1.107.el6_4.6")) flag++;

  if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"glibc-common-2.12-1.107.el6_4.6")) flag++;

if (sp == "2") {   if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"glibc-common-2.12-1.47.el6_2.13")) flag++; }
  else { if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"glibc-common-2.12-1.107.el6_4.6")) flag++; }

  if (rpm_check(release:"RHEL6", sp:"4", reference:"glibc-debuginfo-2.12-1.107.el6_4.6")) flag++;

if (sp == "2") {   if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"glibc-debuginfo-2.12-1.47.el6_2.13")) flag++; }
  else { if (rpm_check(release:"RHEL6", cpu:"i686", reference:"glibc-debuginfo-2.12-1.107.el6_4.6")) flag++; }

if (sp == "2") {   if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"glibc-debuginfo-2.12-1.47.el6_2.13")) flag++; }
  else { if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"glibc-debuginfo-2.12-1.107.el6_4.6")) flag++; }

  if (rpm_check(release:"RHEL6", sp:"4", reference:"glibc-debuginfo-common-2.12-1.107.el6_4.6")) flag++;

if (sp == "2") {   if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"glibc-debuginfo-common-2.12-1.47.el6_2.13")) flag++; }
  else { if (rpm_check(release:"RHEL6", cpu:"i686", reference:"glibc-debuginfo-common-2.12-1.107.el6_4.6")) flag++; }

if (sp == "2") {   if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"glibc-debuginfo-common-2.12-1.47.el6_2.13")) flag++; }
  else { if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"glibc-debuginfo-common-2.12-1.107.el6_4.6")) flag++; }

  if (rpm_check(release:"RHEL6", sp:"4", reference:"glibc-devel-2.12-1.107.el6_4.6")) flag++;

if (sp == "2") {   if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"glibc-devel-2.12-1.47.el6_2.13")) flag++; }
  else { if (rpm_check(release:"RHEL6", cpu:"i686", reference:"glibc-devel-2.12-1.107.el6_4.6")) flag++; }

if (sp == "2") {   if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"glibc-devel-2.12-1.47.el6_2.13")) flag++; }
  else { if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"glibc-devel-2.12-1.107.el6_4.6")) flag++; }

  if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"glibc-headers-2.12-1.107.el6_4.6")) flag++;

  if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"glibc-headers-2.12-1.107.el6_4.6")) flag++;

if (sp == "2") {   if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"glibc-headers-2.12-1.47.el6_2.13")) flag++; }
  else { if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"glibc-headers-2.12-1.107.el6_4.6")) flag++; }

  # glibc-static has no "else" fallback: on 6.2 it is compared against the
  # AUS build, on every other minor only the sp:"4" line above applies.
  if (rpm_check(release:"RHEL6", sp:"4", reference:"glibc-static-2.12-1.107.el6_4.6")) flag++;

  if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"glibc-static-2.12-1.47.el6_2.13")) flag++;

  if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"glibc-static-2.12-1.47.el6_2.13")) flag++;

  if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"glibc-utils-2.12-1.107.el6_4.6")) flag++;

  if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"glibc-utils-2.12-1.107.el6_4.6")) flag++;

if (sp == "2") {   if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"glibc-utils-2.12-1.47.el6_2.13")) flag++; }
  else { if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"glibc-utils-2.12-1.107.el6_4.6")) flag++; }

  if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"nscd-2.12-1.107.el6_4.6")) flag++;

  if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"nscd-2.12-1.107.el6_4.6")) flag++;

if (sp == "2") {   if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"nscd-2.12-1.47.el6_2.13")) flag++; }
  else { if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"nscd-2.12-1.107.el6_4.6")) flag++; }


  # Any matching out-of-date package is reported as a hole; the rpm report
  # is followed by Red Hat's package caveat text.
  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc");
  }
}
    
• NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2015-168.NASL
description: Updated glibc packages fix security vulnerabilities : Stephane Chazelas discovered a directory traversal issue in locale handling in glibc. glibc accepts relative paths with .. components in the LC_* and LANG variables. Together with typical OpenSSH configurations (with suitable AcceptEnv settings in sshd_config), this could conceivably be used to bypass ForceCommand restrictions (or restricted shells), assuming the attacker has sufficient level of access to a file system location on the host to create crafted locale definitions there (CVE-2014-0475). David Reid, Glyph Lefkowitz, and Alex Gaynor discovered a bug where posix_spawn_file_actions_addopen fails to copy the path argument (glibc bz #17048) which can, in conjunction with many common memory management techniques from an application, lead to a use after free, or other vulnerabilities (CVE-2014-4043). This update also fixes the following issues: x86: Disable x87 inline functions for SSE2 math (glibc bz #16510) malloc: Fix race in free() of fastbin chunk (glibc bz #15073) Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversion functions could achieve arbitrary code execution. This update removes support of loadable gconv transliteration modules. Besides the security vulnerability, the module loading code had functionality defects which prevented it from working for the intended purpose (CVE-2014-5119). Adhemerval Zanella Netto discovered out-of-bounds reads in additional code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364) that can be used to crash the systems, causing a denial of service conditions (CVE-2014-6040). The function wordexp() fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of … [description truncated in the source page]
    last seen2020-06-01
    modified2020-06-02
    plugin id82421
    published2015-03-30
    reporterThis script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82421
title: Mandriva Linux Security Advisory : glibc (MDVSA-2015:168)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2015:168. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    if (NASL_LEVEL < 3000) exit(0);

    include("compat.inc");

    # Registration pass: only plugin metadata is declared here; the actual
    # package checks run below the description block.
    if (description)
    {
      script_id(82421);
      script_version("1.6");
      script_cvs_date("Date: 2019/08/02 13:32:57");

      # Every CVE covered by MDVSA-2015:168. CVE-2014-5119 is the off-by-one
      # heap overflow in __gconv_translit_find(); this advisory addresses it
      # by removing loadable gconv transliteration modules (see description).
      script_cve_id("CVE-2012-3406", "CVE-2014-0475", "CVE-2014-4043", "CVE-2014-5119", "CVE-2014-6040", "CVE-2014-7817", "CVE-2014-9402", "CVE-2015-1472", "CVE-2015-1473");
      script_xref(name:"MDVSA", value:"2015:168");

      script_name(english:"Mandriva Linux Security Advisory : glibc (MDVSA-2015:168)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(attribute:"synopsis", value:
    "The remote Mandriva Linux host is missing one or more security
    updates.");

      # Advisory text as extracted from MDVSA-2015:168 (see file header).
      script_set_attribute(attribute:"description", value:
    "Updated glibc packages fix security vulnerabilities :
    
    Stephane Chazelas discovered that directory traversal issue in locale
    handling in glibc. glibc accepts relative paths with .. components in
    the LC_* and LANG variables. Together with typical OpenSSH
    configurations (with suitable AcceptEnv settings in sshd_config), this
    could conceivably be used to bypass ForceCommand restrictions (or
    restricted shells), assuming the attacker has sufficient level of
    access to a file system location on the host to create crafted locale
    definitions there (CVE-2014-0475).
    
    David Reid, Glyph Lefkowitz, and Alex Gaynor discovered a bug where
    posix_spawn_file_actions_addopen fails to copy the path argument
    (glibc bz #17048) which can, in conjunction with many common memory
    management techniques from an application, lead to a use after free,
    or other vulnerabilities (CVE-2014-4043).
    
    This update also fixes the following issues: x86: Disable x87 inline
    functions for SSE2 math (glibc bz #16510) malloc: Fix race in free()
    of fastbin chunk (glibc bz #15073)
    
    Tavis Ormandy discovered a heap-based buffer overflow in the
    transliteration module loading code. As a result, an attacker who can
    supply a crafted destination character set argument to iconv-related
    character conversation functions could achieve arbitrary code
    execution.
    
    This update removes support of loadable gconv transliteration modules.
    Besides the security vulnerability, the module loading code had
    functionality defects which prevented it from working for the intended
    purpose (CVE-2014-5119).
    
    Adhemerval Zanella Netto discovered out-of-bounds reads in additional
    code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)
    that can be used to crash the systems, causing a denial of service
    conditions (CVE-2014-6040).
    
    The function wordexp() fails to properly handle the WRDE_NOCMD flag
    when processing arithmetic inputs in the form of '$((... ))' where
    '...' can be anything valid. The backticks in the arithmetic
    epxression are evaluated by in a shell even if WRDE_NOCMD forbade
    command substitution. This allows an attacker to attempt to pass
    dangerous commands via constructs of the above form, and bypass the
    WRDE_NOCMD flag. This update fixes the issue (CVE-2014-7817).
    
    The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka
    glibc) 2.5, 2.12, and probably other versions does not properly
    restrict the use of the alloca function when allocating the SPECS
    array, which allows context-dependent attackers to bypass the
    FORTIFY_SOURCE format-string protection mechanism and cause a denial
    of service (crash) or possibly execute arbitrary code via a crafted
    format string using positional parameters and a large number of format
    specifiers (CVE-2012-3406).
    
    The nss_dns implementation of getnetbyname could run into an infinite
    loop if the DNS response contained a PTR record of an unexpected
    format (CVE-2014-9402).
    
    Also glibc lock elision (new feature in glibc 2.18) has been disabled
    as it can break glibc at runtime on newer Intel hardware (due to
    hardware bug)
    
    Under certain conditions wscanf can allocate too little memory for the
    to-be-scanned arguments and overflow the allocated buffer
    (CVE-2015-1472).
    
    The incorrect use of '__libc_use_alloca (newsize)' caused a different
    (and weaker) policy to be enforced which could allow a denial of
    service attack (CVE-2015-1473).");

      # Related Mageia advisory references.
      script_set_attribute(attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2014-0314.html");
      script_set_attribute(attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2014-0376.html");
      script_set_attribute(attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2014-0496.html");
      script_set_attribute(attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2015-0013.html");
      script_set_attribute(attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2015-0072.html");
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");

      # NOTE(review): this vector scores availability only (C:N/I:N/A:C),
      # while the description above reports arbitrary code execution for
      # CVE-2014-5119 and CVE-2012-3406 -- confirm the intended severity.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");

      script_set_attribute(attribute:"plugin_type", value:"local");
      # Packages built from the glibc source package on Mandriva Business Server 2.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-i18ndata");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-profile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-static-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2");

      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");

      # Local checks need the SSH-collected release, cpu and rpm inventory keys.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

      exit(0);
    }
    
    
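    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");


    # Bail out unless the scan collected a local package inventory from a
    # Mandriva / Mandrake host; the rpm comparisons below are meaningless
    # otherwise. audit() terminates the script, so each line is a guard.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Audit text spelled consistently with the architecture check below
    # (the previous message read "Mandake").
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    # This plugin only covers x86 / x86_64 hosts; other architectures are
    # reported as not implemented rather than silently passed.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


    # Each rpm_check hit (installed package older than the fixed MBS2 build)
    # bumps flag. glibc-doc is matched without a cpu constraint.
    flag = 0;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"glibc-2.18-10.1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"glibc-devel-2.18-10.1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", reference:"glibc-doc-2.18-10.1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"glibc-i18ndata-2.18-10.1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"glibc-profile-2.18-10.1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"glibc-static-devel-2.18-10.1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"glibc-utils-2.18-10.1.mbs2")) flag++;
    if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"nscd-2.18-10.1.mbs2")) flag++;


    if (flag)
    {
      # Verbose scans attach the list of vulnerable packages to the finding.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Record whether glibc was checked and found patched, or is simply not
      # installed, so the audit trail explains the absence of a finding.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
    }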
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2014-1129-1.NASL
    descriptionThis glibc update fixes a critical privilege escalation problem and two additional issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#836746: Avoid race between {, __de}allocate_stack and __reclaim_stacks during fork. - bnc#844309: Fixed various overflows, reading large /etc/hosts or long names. (CVE-2013-4357) - bnc#894553, bnc#894556: Fixed various crashes on invalid input in IBM gconv modules. (CVE-2014-6040, CVE-2012-6656) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-05-20
    plugin id83639
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83639
    titleSUSE SLES11 Security Update : glibc (SUSE-SU-2014:1129-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2014:1129-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");

    # Registration pass: declares the plugin metadata for SUSE-SU-2014:1129-1.
    if (description)
    {
      script_id(83639);
      script_version("2.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

      # CVE-2014-5119 is the __gconv_translit_find() off-by-one; the others
      # are the /etc/hosts and IBM gconv module issues named in the advisory.
      script_cve_id("CVE-2012-6656", "CVE-2013-4357", "CVE-2014-5119", "CVE-2014-6040");
      script_bugtraq_id(67992, 68983, 69470, 69472, 69738);

      script_name(english:"SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1129-1)");
      script_summary(english:"Checks rpm output for the updated packages.");

      script_set_attribute(attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates.");

      # Advisory text as extracted from the SUSE update announcement.
      script_set_attribute(attribute:"description", value:
    "This glibc update fixes a critical privilege escalation problem and
    two additional issues :
    
      - bnc#892073: An off-by-one error leading to a heap-based
        buffer overflow was found in __gconv_translit_find(). An
        exploit that targets the problem is publicly available.
        (CVE-2014-5119)
    
      - bnc#836746: Avoid race between {, __de}allocate_stack
        and __reclaim_stacks during fork.
    
      - bnc#844309: Fixed various overflows, reading large
        /etc/hosts or long names. (CVE-2013-4357)
    
      - bnc#894553, bnc#894556: Fixed various crashes on invalid
        input in IBM gconv modules. (CVE-2014-6040,
        CVE-2012-6656)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");

      # SUSE bugzilla entries cited in the advisory text.
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=836746");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=844309");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=892073");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=894553");
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=894556");
      # Shortened link; original target:
      # https://download.suse.com/patch/finder/?keywords=cd8403453563e9d5a949d2219d62a993
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?12c9123b");
      # Per-CVE pages on suse.com.
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2012-6656/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2013-4357/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-5119/");
      script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-6040/");
      # Shortened link; original target:
      # https://www.suse.com/support/update/announcement/2014/suse-su-20141129-1.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ab20b15d");

      script_set_attribute(attribute:"solution", value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11 SP2 LTSS :
    
    zypper in -t patch slessp2-glibc-9721
    
    To bring your system up-to-date, use 'zypper patch'.");

      # NOTE(review): the CVSS3 base vector carries C:N/I:N while the CVSS2
      # vector has C:P/I:P for the same advisory -- confirm which is intended.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      # The advisory itself states a public exploit exists for CVE-2014-5119.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-i18ndata");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-info");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-profile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

      script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/09/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");

      # Local checks need the SSH-collected release, cpu and rpm inventory keys.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");


    # Require a local package inventory from a SUSE SLES/SLED host.
    # audit() terminates the script, so each of these lines is a guard.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    # Only SLES 11 is in scope for this patch.
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);

    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    # Fixed packages exist for x86, x86_64 and s390x only.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

    # The update targets SLES 11 SP2 exclusively; a missing patchlevel key is
    # treated as SP0 and therefore rejected.
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP2", os_ver + " SP" + sp);


    # One fixed build covers every package in this update.
    fixed = "2.11.3-17.45.53.1";
    flag = 0;

    # 32-bit compatibility packages, checked per architecture (x86_64 first,
    # then s390x, matching the order the report lists them in).
    foreach arch (make_list("x86_64", "s390x"))
    {
      foreach base (make_list("glibc", "glibc-devel", "glibc-locale", "glibc-profile"))
      {
        if (rpm_check(release:"SLES11", sp:"2", cpu:arch, reference:base + "-32bit-" + fixed)) flag++;
      }
    }

    # Native packages, checked without an architecture constraint.
    foreach base (make_list("glibc", "glibc-devel", "glibc-html", "glibc-i18ndata", "glibc-info", "glibc-locale", "glibc-profile", "nscd"))
    {
      if (rpm_check(release:"SLES11", sp:"2", reference:base + "-" + fixed)) flag++;
    }


    if (flag)
    {
      # Verbose scans attach the list of vulnerable packages to the finding.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Distinguish "checked and patched" from "glibc not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201602-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201602-02 (GNU C Library: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the GNU C Library: The Google Security Team and Red Hat discovered a stack-based buffer overflow in the send_dg() and send_vc() functions due to a buffer mismanagement when getaddrinfo() is called with AF_UNSPEC (CVE-2015-7547). The strftime() function access invalid memory when passed out-of-range data, resulting in a crash (CVE-2015-8776). An integer overflow was found in the __hcreate_r() function (CVE-2015-8778). Multiple unbounded stack allocations were found in the catopen() function (CVE-2015-8779). Please review the CVEs referenced below for additional vulnerabilities that had already been fixed in previous versions of sys-libs/glibc, for which we have not issued a GLSA before. Impact : A remote attacker could exploit any application which performs host name resolution using getaddrinfo() in order to execute arbitrary code or crash the application. The other vulnerabilities can possibly be exploited to cause a Denial of Service or leak information. Workaround : A number of mitigating factors for CVE-2015-7547 have been identified. Please review the upstream advisory and references below.
    last seen2020-06-01
    modified2020-06-02
    plugin id88822
    published2016-02-18
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88822
    titleGLSA-201602-02 : GNU C Library: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201602-02.
    #
    # The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");

    # Registration pass: declares the plugin metadata for GLSA 201602-02.
    if (description)
    {
      script_id(88822);
      script_version("2.16");
      script_cvs_date("Date: 2019/04/11 17:23:06");

      # The GLSA bundles CVE-2015-7547 (getaddrinfo stack overflow) with
      # older glibc CVEs, including CVE-2014-5119, that never got their own GLSA.
      script_cve_id("CVE-2013-7423", "CVE-2014-0475", "CVE-2014-5119", "CVE-2014-6040", "CVE-2014-7817", "CVE-2014-8121", "CVE-2014-9402", "CVE-2015-1472", "CVE-2015-1781", "CVE-2015-7547", "CVE-2015-8776", "CVE-2015-8778", "CVE-2015-8779");
      script_xref(name:"GLSA", value:"201602-02");
      script_xref(name:"IAVA", value:"2016-A-0053");
      script_xref(name:"TRA", value:"TRA-2017-08");

      script_name(english:"GLSA-201602-02 : GNU C Library: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");

      script_set_attribute(attribute:"synopsis", value:
    "The remote Gentoo host is missing one or more security-related
    patches.");

      # Advisory text as extracted from the GLSA (see file header).
      script_set_attribute(attribute:"description", value:
    "The remote host is affected by the vulnerability described in GLSA-201602-02
    (GNU C Library: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in the GNU C Library:
          The Google Security Team and Red Hat discovered a stack-based buffer
            overflow in the send_dg() and send_vc() functions due to a buffer
            mismanagement when getaddrinfo() is called with AF_UNSPEC
            (CVE-2015-7547).
          The strftime() function access invalid memory when passed
            out-of-range data, resulting in a crash (CVE-2015-8776).
          An integer overflow was found in the __hcreate_r() function
            (CVE-2015-8778).
          Multiple unbounded stack allocations were found in the catopen()
            function (CVE-2015-8779).
        Please review the CVEs referenced below for additional vulnerabilities
          that had already been fixed in previous versions of sys-libs/glibc, for
          which we have not issued a GLSA before.
      
    Impact :
    
        A remote attacker could exploit any application which performs host name
          resolution using getaddrinfo() in order to execute arbitrary code or
          crash the application. The other vulnerabilities can possibly be
          exploited to cause a Denial of Service or leak information.
      
    Workaround :
    
        A number of mitigating factors for CVE-2015-7547 have been identified.
          Please review the upstream advisory and references below.");

      # Shortened link; original target:
      # https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1358552a");
      script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/201602-02");
      script_set_attribute(attribute:"see_also", value:"https://www.tenable.com/security/research/tra-2017-08");

      # Gentoo's remediation steps, including the reboot note: a patched glibc
      # on disk does not help processes still mapping the old library.
      script_set_attribute(attribute:"solution", value:
    "All GNU C Library users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=sys-libs/glibc-2.21-r2'
        It is important to ensure that no running process uses the old glibc
          anymore. The easiest way to achieve that is by rebooting the machine
          after updating the sys-libs/glibc package.
        Note: Should you run into compilation failures while updating, please
          see bug 574948.");

      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:glibc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

      script_set_attribute(attribute:"patch_publication_date", value:"2016/02/17");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/18");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");

      # Local checks need the SSH-collected release and qpkg inventory keys.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");

    # A local Gentoo package list is required before anything can be checked;
    # audit() terminates the script, so each line below is a guard.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


    # Any sys-libs/glibc below 2.21-r2 is vulnerable; 2.21-r2 and later is fixed.
    flag = 0;

    if (qpkg_check(package:"sys-libs/glibc", unaffected:make_list("ge 2.21-r2"), vulnerable:make_list("lt 2.21-r2"))) flag++;

    # No hit: say whether glibc was checked and found patched, or is absent.
    if (!flag)
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GNU C Library");
    }

    # Verbose scans attach the qpkg comparison to the finding.
    if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
    else security_hole(0);
    exit(0);
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-1110.NASL
    descriptionFrom Red Hat Security Advisory 2014:1110 : Updated glibc packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc
    last seen2020-06-01
    modified2020-06-02
    plugin id77463
    published2014-08-30
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77463
    titleOracle Linux 5 / 6 / 7 : glibc (ELSA-2014-1110)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2014:1110 and 
    # Oracle Linux Security Advisory ELSA-2014-1110 respectively.
    #
    
    include("compat.inc");

    # Registration pass: declares the plugin metadata for ELSA-2014-1110
    # (Oracle's rebuild of RHSA-2014:1110).
    if (description)
    {
      script_id(77463);
      script_version("1.12");
      script_cvs_date("Date: 2019/09/30 10:58:19");

      # CVE-2014-5119: __gconv_translit_find() off-by-one reachable through
      # iconv_open(); CVE-2014-0475: locale-file directory traversal.
      script_cve_id("CVE-2014-0475", "CVE-2014-5119");
      script_bugtraq_id(68505, 68983);
      script_xref(name:"RHSA", value:"2014:1110");

      script_name(english:"Oracle Linux 5 / 6 / 7 : glibc (ELSA-2014-1110)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates.");

      # Advisory text as extracted from RHSA-2014:1110 (see file header).
      script_set_attribute(attribute:"description", value:
    "From Red Hat Security Advisory 2014:1110 :
    
    Updated glibc packages that fix two security issues are now available
    for Red Hat Enterprise Linux 5, 6, and 7.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The glibc packages contain the standard C libraries used by multiple
    programs on the system. These packages contain the standard C and the
    standard math libraries. Without these two libraries, a Linux system
    cannot function properly.
    
    An off-by-one heap-based buffer overflow flaw was found in glibc's
    internal __gconv_translit_find() function. An attacker able to make an
    application call the iconv_open() function with a specially crafted
    argument could possibly use this flaw to execute arbitrary code with
    the privileges of that application. (CVE-2014-5119)
    
    A directory traversal flaw was found in the way glibc loaded locale
    files. An attacker able to make an application use a specially crafted
    locale name value (for example, specified in an LC_* environment
    variable) could possibly use this flaw to execute arbitrary code with
    the privileges of that application. (CVE-2014-0475)
    
    Red Hat would like to thank Stephane Chazelas for reporting
    CVE-2014-0475.
    
    All glibc users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues.");

      # Oracle errata announcements, one per affected release.
      script_set_attribute(attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2014-August/004389.html");
      script_set_attribute(attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2014-August/004390.html");
      script_set_attribute(attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2014-August/004391.html");
      script_set_attribute(attribute:"solution", value:"Update the affected glibc packages.");

      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");

      script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/08/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");

      # Local checks need the SSH-collected Oracle/RedHat release and rpm inventory keys.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Local package check for the glibc update covering CVE-2014-5119 on
    # Oracle Linux 5, 6 and 7. The host is reported as affected when any
    # installed glibc-family package is older than the fixed build; a host
    # with none of the listed packages is audited as "not installed".

    # Prerequisite: SSH-based local checks must have run on this host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");

    # The release string comes from the RedHat-style release file that
    # Oracle Linux ships; audit() exits, so each guard below is terminal.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    if (!pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");

    # Extract the major(.minor) version and restrict to the releases this
    # advisory covers.
    ver_match = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(ver_match)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = ver_match[1];
    if (! preg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6 / 7", "Oracle Linux " + os_ver);

    # An installed-package inventory is required for rpm_check().
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    # Only the architectures the fixed builds exist for are evaluated.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

    # Fixed package builds per release. rpm_check() flags an installed
    # package whose version is lower than the reference.
    el5_fixed = make_list(
      "glibc-2.5-118.el5_10.3",
      "glibc-common-2.5-118.el5_10.3",
      "glibc-devel-2.5-118.el5_10.3",
      "glibc-headers-2.5-118.el5_10.3",
      "glibc-utils-2.5-118.el5_10.3",
      "nscd-2.5-118.el5_10.3"
    );
    el6_fixed = make_list(
      "glibc-2.12-1.132.el6_5.4",
      "glibc-common-2.12-1.132.el6_5.4",
      "glibc-devel-2.12-1.132.el6_5.4",
      "glibc-headers-2.12-1.132.el6_5.4",
      "glibc-static-2.12-1.132.el6_5.4",
      "glibc-utils-2.12-1.132.el6_5.4",
      "nscd-2.12-1.132.el6_5.4"
    );
    # EL7 references are x86_64-only, matching the original per-check cpu arg.
    el7_fixed = make_list(
      "glibc-2.17-55.0.4.el7_0.1",
      "glibc-common-2.17-55.0.4.el7_0.1",
      "glibc-devel-2.17-55.0.4.el7_0.1",
      "glibc-headers-2.17-55.0.4.el7_0.1",
      "glibc-static-2.17-55.0.4.el7_0.1",
      "glibc-utils-2.17-55.0.4.el7_0.1",
      "nscd-2.17-55.0.4.el7_0.1"
    );

    # Count vulnerable packages; rpm_check() also records each hit for
    # rpm_report_get() below.
    flag = 0;
    foreach ref (el5_fixed)
      if (rpm_check(release:"EL5", reference:ref)) flag++;
    foreach ref (el6_fixed)
      if (rpm_check(release:"EL6", reference:ref)) flag++;
    foreach ref (el7_fixed)
      if (rpm_check(release:"EL7", cpu:"x86_64", reference:ref)) flag++;

    # Nothing vulnerable: distinguish "patched" from "package not present".
    if (!flag)
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc");
    }

    # At least one package is below the fixed build: report a hole, with
    # the per-package detail when verbose reporting is enabled.
    if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
    else security_hole(0);
    exit(0);
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2014-1128-1.NASL
    descriptionThis glibc update fixes a critical privilege escalation problem and the following security and non-security issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#882600: Copy filename argument in posix_spawn_file_actions_addopen. (CVE-2014-4043) - bnc#860501: Use O_LARGEFILE for utmp file. - bnc#842291: Fix typo in glibc-2.5-dlopen-lookup-race.diff. - bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332) - bnc#834594: Fix readdir_r with long file names. (CVE-2013-4237) - bnc#824639: Drop lock before calling malloc_printerr. - bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242) - bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412) - bnc#894556 / bnc#894553: Fix crashes on invalid input in IBM gconv modules. (CVE-2014-6040, CVE-2012-6656, bnc#894553, bnc#894556, BZ#17325, BZ#14134) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-05-20
    plugin id83638
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83638
    titleSUSE SLES10 Security Update : glibc (SUSE-SU-2014:1128-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-9830.NASL
    descriptionAn off-by-one heap-based buffer overflow flaw was found in glibc
    last seen2020-03-17
    modified2014-10-20
    plugin id78583
    published2014-10-20
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78583
    titleFedora 19 : glibc-2.17-21.fc19 (2014-9830)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-9824.NASL
    description - Locale names, including those obtained from environment variables (LANG and the LC_* variables), are more tightly checked for proper syntax. setlocale will now fail (with EINVAL) for locale names that are overly long, contain slashes without starting with a slash, or contain
    last seen2020-03-17
    modified2014-08-29
    plugin id77430
    published2014-08-29
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77430
    titleFedora 20 : glibc-2.18-14.fc20 (2014-9824)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_GLIBC-140829.NASL
    descriptionThis glibc update fixes a critical privilege escalation problem and two non-security issues : - An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119). (bnc#892073) - setenv-alloca.patch: Avoid unbound alloca in setenv. (bnc#892065) - printf-multibyte-format.patch: Don
    last seen2020-06-05
    modified2014-09-13
    plugin id77673
    published2014-09-13
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/77673
    titleSuSE 11.3 Security Update : glibc (SAT Patch Number 9669)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-536.NASL
    descriptionglibc was updated to fix three security issues : - A directory traversal in locale environment handling was fixed (CVE-2014-0475, bnc#887022, GLIBC BZ #17137) - Disable gconv transliteration module loading which could be used for code execution (CVE-2014-5119, bnc#892073, GLIBC BZ #17187) - Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, bnc#894553, BZ #17325)
    last seen2020-06-05
    modified2014-09-12
    plugin id77659
    published2014-09-12
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77659
    titleopenSUSE Security Update : glibc (openSUSE-SU-2014:1115-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2328-1.NASL
    descriptionTavis Ormandy and John Haxby discovered that the GNU C Library contained an off-by-one error when performing transliteration module loading. A local attacker could exploit this to gain administrative privileges. (CVE-2014-5119) USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS and Ubuntu 12.04 LTS the security update for CVE-2014-0475 caused a regression with localplt on PowerPC. This update fixes the problem. We apologize for the inconvenience. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id77436
    published2014-08-29
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77436
    titleUbuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : eglibc vulnerability (USN-2328-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1110.NASL
    descriptionUpdated glibc packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc
    last seen2020-06-01
    modified2020-06-02
    plugin id77464
    published2014-08-30
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77464
    titleRHEL 5 / 6 / 7 : glibc (RHSA-2014:1110)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2015-0023.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Switch to use malloc when the input line is too long [Orabug 19951108] - Use a /sys/devices/system/cpu/online for _SC_NPROCESSORS_ONLN implementation [Orabug 17642251] (Joe Jin) - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183532). - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Fix patch for integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Fix return code when starting an already started nscd daemon (#979413). - Fix getnameinfo for many PTR record queries (#1020486). - Return EINVAL error for negative sizees to getgroups (#995207). - Fix integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Add support for newer L3 caches on x86-64 and correctly count the number of hardware threads sharing a cacheline (#1003420). - Revert incomplete fix for bug #758193. - Fix _nl_find_msg malloc failure case, and callers (#957089). - Test on init_fct, not result->__init_fct, after demangling (#816647). - Don
    last seen2020-06-01
    modified2020-06-02
    plugin id81118
    published2015-02-02
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81118
    titleOracleVM 3.2 : glibc (OVMSA-2015-0023) (GHOST)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2014-1122-1.NASL
    descriptionThis glibc update fixes a critical privilege escalation vulnerability and the following security and non-security issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#886416: Avoid redundant shift character in iconv output at block boundary. - bnc#883022: Initialize errcode in sysdeps/unix/opendir.c. - bnc#882600: Copy filename argument in posix_spawn_file_actions_addopen. (CVE-2014-4043) - bnc#864081: Take lock in pthread_cond_wait cleanup handler only when needed. - bnc#843735: Don
    last seen2020-06-05
    modified2015-05-20
    plugin id83637
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83637
    titleSUSE SLES11 Security Update : glibc (SUSE-SU-2014:1122-1)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2014-0017.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Don
    last seen2020-06-01
    modified2020-06-02
    plugin id79539
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79539
    titleOracleVM 3.3 : glibc (OVMSA-2014-0017)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-43.NASL
    descriptionCVE-2014-0475 Stephane Chazelas discovered that the GNU C library, glibc, processed
    last seen2020-03-17
    modified2015-03-26
    plugin id82190
    published2015-03-26
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82190
    titleDebian DLA-43-1 : eglibc security update

Redhat

advisories
  • bugzilla
    id1119128
    titleCVE-2014-5119 glibc: off-by-one error leading to a heap-based buffer overflow flaw in __gconv_translit_find()
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentglibc-common is earlier than 0:2.5-118.el5_10.3
            ovaloval:com.redhat.rhsa:tst:20141110001
          • commentglibc-common is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20130022004
        • AND
          • commentnscd is earlier than 0:2.5-118.el5_10.3
            ovaloval:com.redhat.rhsa:tst:20141110003
          • commentnscd is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20130022008
        • AND
          • commentglibc-devel is earlier than 0:2.5-118.el5_10.3
            ovaloval:com.redhat.rhsa:tst:20141110005
          • commentglibc-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20130022010
        • AND
          • commentglibc-utils is earlier than 0:2.5-118.el5_10.3
            ovaloval:com.redhat.rhsa:tst:20141110007
          • commentglibc-utils is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20130022002
        • AND
          • commentglibc is earlier than 0:2.5-118.el5_10.3
            ovaloval:com.redhat.rhsa:tst:20141110009
          • commentglibc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20130022006
        • AND
          • commentglibc-headers is earlier than 0:2.5-118.el5_10.3
            ovaloval:com.redhat.rhsa:tst:20141110011
          • commentglibc-headers is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20130022012
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentglibc-headers is earlier than 0:2.12-1.132.el6_5.4
            ovaloval:com.redhat.rhsa:tst:20141110014
          • commentglibc-headers is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120763010
        • AND
          • commentnscd is earlier than 0:2.12-1.132.el6_5.4
            ovaloval:com.redhat.rhsa:tst:20141110016
          • commentnscd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120763014
        • AND
          • commentglibc-devel is earlier than 0:2.12-1.132.el6_5.4
            ovaloval:com.redhat.rhsa:tst:20141110018
          • commentglibc-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120763006
        • AND
          • commentglibc-utils is earlier than 0:2.12-1.132.el6_5.4
            ovaloval:com.redhat.rhsa:tst:20141110020
          • commentglibc-utils is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120763012
        • AND
          • commentglibc is earlier than 0:2.12-1.132.el6_5.4
            ovaloval:com.redhat.rhsa:tst:20141110022
          • commentglibc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120763004
        • AND
          • commentglibc-common is earlier than 0:2.12-1.132.el6_5.4
            ovaloval:com.redhat.rhsa:tst:20141110024
          • commentglibc-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120763008
        • AND
          • commentglibc-static is earlier than 0:2.12-1.132.el6_5.4
            ovaloval:com.redhat.rhsa:tst:20141110026
          • commentglibc-static is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120763002
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentnscd is earlier than 0:2.17-55.el7_0.1
            ovaloval:com.redhat.rhsa:tst:20141110029
          • commentnscd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120763014
        • AND
          • commentglibc is earlier than 0:2.17-55.el7_0.1
            ovaloval:com.redhat.rhsa:tst:20141110030
          • commentglibc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120763004
        • AND
          • commentglibc-headers is earlier than 0:2.17-55.el7_0.1
            ovaloval:com.redhat.rhsa:tst:20141110031
          • commentglibc-headers is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120763010
        • AND
          • commentglibc-utils is earlier than 0:2.17-55.el7_0.1
            ovaloval:com.redhat.rhsa:tst:20141110032
          • commentglibc-utils is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120763012
        • AND
          • commentglibc-devel is earlier than 0:2.17-55.el7_0.1
            ovaloval:com.redhat.rhsa:tst:20141110033
          • commentglibc-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120763006
        • AND
          • commentglibc-common is earlier than 0:2.17-55.el7_0.1
            ovaloval:com.redhat.rhsa:tst:20141110034
          • commentglibc-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120763008
        • AND
          • commentglibc-static is earlier than 0:2.17-55.el7_0.1
            ovaloval:com.redhat.rhsa:tst:20141110035
          • commentglibc-static is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120763002
    rhsa
    idRHSA-2014:1110
    released2014-08-29
    severityImportant
    titleRHSA-2014:1110: glibc security update (Important)
  • rhsa
    idRHSA-2014:1118
rpms
  • glibc-0:2.12-1.132.el6_5.4
  • glibc-0:2.17-55.el7_0.1
  • glibc-0:2.5-118.el5_10.3
  • glibc-common-0:2.12-1.132.el6_5.4
  • glibc-common-0:2.17-55.el7_0.1
  • glibc-common-0:2.5-118.el5_10.3
  • glibc-debuginfo-0:2.12-1.132.el6_5.4
  • glibc-debuginfo-0:2.17-55.el7_0.1
  • glibc-debuginfo-0:2.5-118.el5_10.3
  • glibc-debuginfo-common-0:2.12-1.132.el6_5.4
  • glibc-debuginfo-common-0:2.17-55.el7_0.1
  • glibc-debuginfo-common-0:2.5-118.el5_10.3
  • glibc-devel-0:2.12-1.132.el6_5.4
  • glibc-devel-0:2.17-55.el7_0.1
  • glibc-devel-0:2.5-118.el5_10.3
  • glibc-headers-0:2.12-1.132.el6_5.4
  • glibc-headers-0:2.17-55.el7_0.1
  • glibc-headers-0:2.5-118.el5_10.3
  • glibc-static-0:2.12-1.132.el6_5.4
  • glibc-static-0:2.17-55.el7_0.1
  • glibc-utils-0:2.12-1.132.el6_5.4
  • glibc-utils-0:2.17-55.el7_0.1
  • glibc-utils-0:2.5-118.el5_10.3
  • nscd-0:2.12-1.132.el6_5.4
  • nscd-0:2.17-55.el7_0.1
  • nscd-0:2.5-118.el5_10.3
  • glibc-0:2.12-1.107.el6_4.6
  • glibc-0:2.12-1.47.el6_2.13
  • glibc-0:2.5-107.el5_9.7
  • glibc-0:2.5-58.el5_6.5
  • glibc-common-0:2.12-1.107.el6_4.6
  • glibc-common-0:2.12-1.47.el6_2.13
  • glibc-common-0:2.5-107.el5_9.7
  • glibc-common-0:2.5-58.el5_6.5
  • glibc-debuginfo-0:2.12-1.107.el6_4.6
  • glibc-debuginfo-0:2.12-1.47.el6_2.13
  • glibc-debuginfo-0:2.5-107.el5_9.7
  • glibc-debuginfo-0:2.5-58.el5_6.5
  • glibc-debuginfo-common-0:2.12-1.107.el6_4.6
  • glibc-debuginfo-common-0:2.12-1.47.el6_2.13
  • glibc-debuginfo-common-0:2.5-107.el5_9.7
  • glibc-debuginfo-common-0:2.5-58.el5_6.5
  • glibc-devel-0:2.12-1.107.el6_4.6
  • glibc-devel-0:2.12-1.47.el6_2.13
  • glibc-devel-0:2.5-107.el5_9.7
  • glibc-devel-0:2.5-58.el5_6.5
  • glibc-headers-0:2.12-1.107.el6_4.6
  • glibc-headers-0:2.12-1.47.el6_2.13
  • glibc-headers-0:2.5-107.el5_9.7
  • glibc-headers-0:2.5-58.el5_6.5
  • glibc-static-0:2.12-1.107.el6_4.6
  • glibc-static-0:2.12-1.47.el6_2.13
  • glibc-utils-0:2.12-1.107.el6_4.6
  • glibc-utils-0:2.12-1.47.el6_2.13
  • glibc-utils-0:2.5-107.el5_9.7
  • glibc-utils-0:2.5-58.el5_6.5
  • nscd-0:2.12-1.107.el6_4.6
  • nscd-0:2.12-1.47.el6_2.13
  • nscd-0:2.5-107.el5_9.7
  • nscd-0:2.5-58.el5_6.5

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:87222
last seen2017-11-19
modified2014-09-04
published2014-09-04
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-87222
titleglibc Off-by-One NUL Byte gconv_translit_find Exploit