Vulnerabilities > CVE-2014-5119 - Numeric Errors vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description | glibc Off-by-One NUL Byte gconv_translit_find Exploit. CVE-2014-5119. Local exploit for linux platform |
id | EDB-ID:34421 |
last seen | 2016-02-03 |
modified | 2014-08-27 |
published | 2014-08-27 |
reporter | taviso and scarybeasts |
source | https://www.exploit-db.com/download/34421/ |
title | glibc - Off-by-One NUL Byte gconv_translit_find Exploit |
Nessus
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2014-399.NASL description An off-by-one heap-based buffer overflow flaw was found in glibc last seen 2020-06-01 modified 2020-06-02 plugin id 78342 published 2014-10-12 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78342 title Amazon Linux AMI : glibc (ALAS-2014-399) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2014-399. # include("compat.inc"); if (description) { script_id(78342); script_version("1.5"); script_cvs_date("Date: 2018/04/18 15:09:35"); script_cve_id("CVE-2014-5119"); script_xref(name:"ALAS", value:"2014-399"); script_name(english:"Amazon Linux AMI : glibc (ALAS-2014-399)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application." ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2014-399.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update glibc' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-debuginfo-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nscd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/09/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"glibc-2.17-55.85.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"glibc-common-2.17-55.85.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"glibc-debuginfo-2.17-55.85.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"glibc-debuginfo-common-2.17-55.85.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"glibc-devel-2.17-55.85.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"glibc-headers-2.17-55.85.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"glibc-static-2.17-55.85.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"glibc-utils-2.17-55.85.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"nscd-2.17-55.85.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc"); }
NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2014-0033.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Switch gettimeofday from INTUSE to libc_hidden_proto (#1099025). - Fix stack overflow due to large AF_INET6 requests (CVE-2013-4458, #1111460). - Fix buffer overflow in readdir_r (CVE-2013-4237, #1111460). - Fix memory order when reading libgcc handle (#905941). - Fix format specifier in malloc_info output (#1027261). - Fix nscd lookup for innetgr when netgroup has wildcards (#1054846). - Add mmap usage to malloc_info output (#1027261). - Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (#1087833). - [ppc] Add VDSO IFUNC for gettimeofday (#1028285). - [ppc] Fix ftime gettimeofday internal call returning bogus data (#1099025). - Also relocate in dependency order when doing symbol dependency testing (#1019916). - Fix infinite loop in nscd when netgroup is empty (#1085273). - Provide correct buffer length to netgroup queries in nscd (#1074342). - Return NULL for wildcard values in getnetgrent from nscd (#1085289). - Avoid overlapping addresses to stpcpy calls in nscd (#1082379). - Initialize all of datahead structure in nscd (#1074353). - Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1044628). - Do not fail if one of the two responses to AF_UNSPEC fails (#845218). - nscd: Make SELinux checks dynamic (#1025933). - Fix race in free of fastbin chunk (#1027101). - Fix copy relocations handling of unique objects (#1032628). - Fix encoding name for IDN in getaddrinfo (#981942). - Fix return code from getent netgroup when the netgroup is not found (#1039988). - Fix handling of static TLS in dlopen last seen 2020-06-01 modified 2020-06-02 plugin id 79548 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79548 title OracleVM 3.3 : glibc (OVMSA-2014-0033) code # # (C) Tenable Network Security, Inc. # # The package checks in this plugin were extracted from OracleVM # Security Advisory OVMSA-2014-0033. # include("compat.inc"); if (description) { script_id(79548); script_version("1.8"); script_cvs_date("Date: 2019/09/27 13:00:34"); script_cve_id("CVE-2013-4237", "CVE-2013-4458", "CVE-2014-0475", "CVE-2014-5119"); script_bugtraq_id(61729, 63299, 68505, 68983, 69738); script_name(english:"OracleVM 3.3 : glibc (OVMSA-2014-0033)"); script_summary(english:"Checks the RPM output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote OracleVM host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote OracleVM system is missing necessary patches to address critical security updates : - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Switch gettimeofday from INTUSE to libc_hidden_proto (#1099025). - Fix stack overflow due to large AF_INET6 requests (CVE-2013-4458, #1111460). - Fix buffer overflow in readdir_r (CVE-2013-4237, #1111460). - Fix memory order when reading libgcc handle (#905941). - Fix format specifier in malloc_info output (#1027261). - Fix nscd lookup for innetgr when netgroup has wildcards (#1054846). - Add mmap usage to malloc_info output (#1027261). - Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (#1087833). - [ppc] Add VDSO IFUNC for gettimeofday (#1028285). - [ppc] Fix ftime gettimeofday internal call returning bogus data (#1099025). - Also relocate in dependency order when doing symbol dependency testing (#1019916). - Fix infinite loop in nscd when netgroup is empty (#1085273). - Provide correct buffer length to netgroup queries in nscd (#1074342). - Return NULL for wildcard values in getnetgrent from nscd (#1085289). - Avoid overlapping addresses to stpcpy calls in nscd (#1082379). - Initialize all of datahead structure in nscd (#1074353). - Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1044628). - Do not fail if one of the two responses to AF_UNSPEC fails (#845218). - nscd: Make SELinux checks dynamic (#1025933). - Fix race in free of fastbin chunk (#1027101). - Fix copy relocations handling of unique objects (#1032628). - Fix encoding name for IDN in getaddrinfo (#981942). - Fix return code from getent netgroup when the netgroup is not found (#1039988). - Fix handling of static TLS in dlopen'ed objects (#995972). - Don't use alloca in addgetnetgrentX (#1043557). - Adjust pointers to triplets in netgroup query data (#1043557)." ); # https://oss.oracle.com/pipermail/oraclevm-errata/2014-November/000229.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?bed5f80b" ); script_set_attribute( attribute:"solution", value:"Update the affected glibc / glibc-common / nscd packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:glibc-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:nscd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/09"); script_set_attribute(attribute:"patch_publication_date", value:"2014/11/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"OracleVM Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/OracleVM/release"); if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM"); if (! preg(pattern:"^OVS" + "3\.3" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3", "OracleVM " + release); if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"OVS3.3", reference:"glibc-2.12-1.149.el6")) flag++; if (rpm_check(release:"OVS3.3", reference:"glibc-common-2.12-1.149.el6")) flag++; if (rpm_check(release:"OVS3.3", reference:"nscd-2.12-1.149.el6")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / nscd"); }
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2014-175.NASL description Multiple vulnerabilities has been found and corrected in glibc : When converting IBM930 code with iconv(), if IBM930 code which includes invalid multibyte character 0xffff is specified, then iconv() segfaults (CVE-2012-6656). Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules (CVE-2014-5119). Crashes were reported in the IBM code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364) (CVE-2014-6040). The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 77654 published 2014-09-12 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77654 title Mandriva Linux Security Advisory : glibc (MDVSA-2014:175) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2014:175. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(77654); script_version("1.7"); script_cvs_date("Date: 2019/08/02 13:32:56"); script_cve_id("CVE-2012-6656", "CVE-2014-5119", "CVE-2014-6040"); script_bugtraq_id(68983, 69470, 69472); script_xref(name:"MDVSA", value:"2014:175"); script_name(english:"Mandriva Linux Security Advisory : glibc (MDVSA-2014:175)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities has been found and corrected in glibc : When converting IBM930 code with iconv(), if IBM930 code which includes invalid multibyte character 0xffff is specified, then iconv() segfaults (CVE-2012-6656). Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules (CVE-2014-5119). Crashes were reported in the IBM code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364) (CVE-2014-6040). The updated packages have been patched to correct these issues." ); script_set_attribute( attribute:"see_also", value:"https://seclists.org/oss-sec/2014/q3/485" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1135841" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2014:1110" ); script_set_attribute( attribute:"see_also", value:"https://sourceware.org/bugzilla/show_bug.cgi?id=14134" ); script_set_attribute( attribute:"see_also", value:"https://sourceware.org/bugzilla/show_bug.cgi?id=17325" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-doc-pdf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-i18ndata"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-profile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nscd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/09/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"glibc-2.14.1-12.9.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"glibc-devel-2.14.1-12.9.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", reference:"glibc-doc-2.14.1-12.9.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", reference:"glibc-doc-pdf-2.14.1-12.9.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"glibc-i18ndata-2.14.1-12.9.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"glibc-profile-2.14.1-12.9.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"glibc-static-devel-2.14.1-12.9.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"glibc-utils-2.14.1-12.9.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"nscd-2.14.1-12.9.mbs1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2015-0024.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Switch to use malloc when the input line is too long [Orabug 19951108] - Use a /sys/devices/system/cpu/online for _SC_NPROCESSORS_ONLN implementation [Orabug 17642251] (Joe Jin) - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183532). - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Fix patch for integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Fix return code when starting an already started nscd daemon (#979413). - Fix getnameinfo for many PTR record queries (#1020486). - Return EINVAL error for negative sizees to getgroups (#995207). - Fix integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Add support for newer L3 caches on x86-64 and correctly count the number of hardware threads sharing a cacheline (#1003420). - Revert incomplete fix for bug #758193. - Fix _nl_find_msg malloc failure case, and callers (#957089). - Test on init_fct, not result->__init_fct, after demangling (#816647). - Don last seen 2020-06-01 modified 2020-06-02 plugin id 81119 published 2015-02-02 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81119 title OracleVM 2.2 : glibc (OVMSA-2015-0024) (GHOST) code # # (C) Tenable Network Security, Inc. # # The package checks in this plugin were extracted from OracleVM # Security Advisory OVMSA-2015-0024. # include("compat.inc"); if (description) { script_id(81119); script_version("1.18"); script_cvs_date("Date: 2019/09/27 13:00:34"); script_cve_id("CVE-2013-0242", "CVE-2013-1914", "CVE-2013-4332", "CVE-2014-0475", "CVE-2014-5119", "CVE-2015-0235"); script_bugtraq_id(57638, 58839, 62324, 68505, 68983, 69738, 72325); script_name(english:"OracleVM 2.2 : glibc (OVMSA-2015-0024) (GHOST)"); script_summary(english:"Checks the RPM output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote OracleVM host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote OracleVM system is missing necessary patches to address critical security updates : - Switch to use malloc when the input line is too long [Orabug 19951108] - Use a /sys/devices/system/cpu/online for _SC_NPROCESSORS_ONLN implementation [Orabug 17642251] (Joe Jin) - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183532). - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Fix patch for integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Fix return code when starting an already started nscd daemon (#979413). - Fix getnameinfo for many PTR record queries (#1020486). - Return EINVAL error for negative sizees to getgroups (#995207). - Fix integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Add support for newer L3 caches on x86-64 and correctly count the number of hardware threads sharing a cacheline (#1003420). - Revert incomplete fix for bug #758193. - Fix _nl_find_msg malloc failure case, and callers (#957089). - Test on init_fct, not result->__init_fct, after demangling (#816647). - Don't handle ttl == 0 specially (#929035). - Fix multibyte character processing crash in regexp (CVE-2013-0242, #951132) - Fix getaddrinfo stack overflow resulting in application crash (CVE-2013-1914, #951132) - Add missing patch to avoid use after free (#816647) - Fix race in initgroups compat_call (#706571) - Fix return value from getaddrinfo when servers are down. (#758193) - Fix fseek on wide character streams. Sync's seeking code with RHEL 6 (#835828) - Call feraiseexcept only if exceptions are not masked (#861871). - Always demangle function before checking for NULL value. (#816647). - Do not fail in ttyname if /proc is not available (#851450). - Fix errno for various overflow situations in vfprintf. Add missing overflow checks. (#857387) - Handle failure of _nl_explode_name in all cases (#848481) - Define the default fuzz factor to 2 to make it easier to manipulate RHEL 5 RPMs on RHEL 6 and newer systems. - Fix race in intl/* testsuite (#849202) - Fix out of bounds array access in strto* exposed by 847930 patch. - Really fix POWER4 strncmp crash (#766832). - Fix integer overflow leading to buffer overflow in strto* (#847930) - Fix race in msort/qsort (#843672) - Fix regression due to 797096 changes (#845952) - Do not use PT_IEEE_IP ptrace calls (#839572) - Update ULPs (#837852) - Fix various transcendentals in non-default rounding modes (#837852) - Fix unbound alloca in vfprintf (#826947) - Fix iconv segfault if the invalid multibyte character 0xffff is input when converting from IBM930. (#823905) - Fix fnmatch when '*' wildcard is applied on a file name containing multibyte chars. (#819430) - Fix unbound allocas use in glob_in_dir, getaddrinfo and others. (#797096) - Fix segfault when running ld.so --verify on some DSO's in current working directory. (#808342) - Incorrect initialization order for dynamic loader (#813348) - Fix return code when stopping already stopped nscd daemon (#678227) - Remove MAP_32BIT for pthread stack mappings, use MAP_STACK instead (#641094) - Fix setuid vs sighandler_setxid race (#769852) - Fix access after end of search string in regex matcher (#757887) - Fix POWER4 strncmp crash (#766832) - Fix SC_*CACHE detection for X5670 cpus (#692182) - Fix parsing IPV6 entries in /etc/resolv.conf (#703239) - Fix double-free in nss_nis code (#500767) - Add kernel VDSO support for s390x (#795896) - Fix race in malloc arena creation and make implementation match documented behaviour (#800240) - Do not override TTL of CNAME with TTL of its alias (#808014) - Fix short month names in fi_FI locale #(657266). - Fix nscd crash for group with large number of members (#788989) - Fix Slovakia currency (#799853) - Fix getent malloc failure check (#806403) - Fix short month names in zh_CN locale (#657588) - Fix decimal point symbol for Portuguese currency (#710216) - Avoid integer overflow in sbrk (#767358) - Avoid race between [,__de]allocate_stack and __reclaim_stacks during fork (#738665) - Fix race between IO_flush_all_lockp & pthread_cancel (#751748) - Fix memory leak in NIS endgrent (#809325) - Allow getaddr to accept SCTP socket types in hints (#765710) - Fix errno handling in vfprintf (#794814) - Filter out <built-in> when building file lists (#784646). - Avoid 'nargs' integer overflow which could be used to bypass FORTIFY_SOURCE (#794814) - Fix currency_symbol for uk_UA (#639000)" ); # https://oss.oracle.com/pipermail/oraclevm-errata/2015-January/000261.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b908cf01" ); script_set_attribute( attribute:"solution", value:"Update the affected glibc / glibc-common / nscd packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Exim GHOST (glibc gethostbyname) Buffer Overflow'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:glibc-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:nscd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:2.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/08"); script_set_attribute(attribute:"patch_publication_date", value:"2015/01/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/02"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"OracleVM Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/OracleVM/release"); if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM"); if (! preg(pattern:"^OVS" + "2\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 2.2", "OracleVM " + release); if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu); flag = 0; if (rpm_check(release:"OVS2.2", reference:"glibc-2.5-123.0.1.el5_11.1")) flag++; if (rpm_check(release:"OVS2.2", reference:"glibc-common-2.5-123.0.1.el5_11.1")) flag++; if (rpm_check(release:"OVS2.2", reference:"nscd-2.5-123.0.1.el5_11.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / nscd"); }
NASL family Scientific Linux Local Security Checks NASL id SL_20140829_GLIBC_ON_SL5_X.NASL description An off-by-one heap-based buffer overflow flaw was found in glibc last seen 2020-03-18 modified 2014-08-30 plugin id 77465 published 2014-08-30 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77465 title Scientific Linux Security Update : glibc on SL5.x, SL6.x i386/x86_64 (20140829) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(77465); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-0475", "CVE-2014-5119"); script_name(english:"Scientific Linux Security Update : glibc on SL5.x, SL6.x i386/x86_64 (20140829)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-5119) A directory traversal flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-0475)" ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1408&L=scientific-linux-errata&T=0&P=1436 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f1bde0d0" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nscd"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/29"); script_set_attribute(attribute:"patch_publication_date", value:"2014/08/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL5", reference:"glibc-2.5-118.el5_10.3")) flag++; if (rpm_check(release:"SL5", reference:"glibc-common-2.5-118.el5_10.3")) flag++; if (rpm_check(release:"SL5", reference:"glibc-debuginfo-2.5-118.el5_10.3")) flag++; if (rpm_check(release:"SL5", reference:"glibc-debuginfo-common-2.5-118.el5_10.3")) flag++; if (rpm_check(release:"SL5", reference:"glibc-devel-2.5-118.el5_10.3")) flag++; if (rpm_check(release:"SL5", reference:"glibc-headers-2.5-118.el5_10.3")) flag++; if (rpm_check(release:"SL5", reference:"glibc-utils-2.5-118.el5_10.3")) flag++; if (rpm_check(release:"SL5", reference:"nscd-2.5-118.el5_10.3")) flag++; if (rpm_check(release:"SL6", reference:"glibc-2.12-1.132.el6_5.4")) flag++; if (rpm_check(release:"SL6", reference:"glibc-common-2.12-1.132.el6_5.4")) flag++; if (rpm_check(release:"SL6", reference:"glibc-debuginfo-2.12-1.132.el6_5.4")) flag++; if (rpm_check(release:"SL6", reference:"glibc-debuginfo-common-2.12-1.132.el6_5.4")) flag++; if (rpm_check(release:"SL6", reference:"glibc-devel-2.12-1.132.el6_5.4")) flag++; if (rpm_check(release:"SL6", reference:"glibc-headers-2.12-1.132.el6_5.4")) flag++; if (rpm_check(release:"SL6", reference:"glibc-static-2.12-1.132.el6_5.4")) flag++; if (rpm_check(release:"SL6", reference:"glibc-utils-2.12-1.132.el6_5.4")) flag++; if (rpm_check(release:"SL6", reference:"nscd-2.12-1.132.el6_5.4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3012.NASL description Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian last seen 2020-03-17 modified 2014-08-28 plugin id 77418 published 2014-08-28 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77418 title Debian DSA-3012-1 : eglibc - security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-3012. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(77418); script_version("1.12"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-5119"); script_bugtraq_id(68983); script_xref(name:"DSA", value:"3012"); script_name(english:"Debian DSA-3012-1 : eglibc - security update"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian's version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve arbitrary code execution. This update removes support of loadable gconv transliteration modules. Besides the security vulnerability, the module loading code had functionality defects which prevented it from working for the intended purpose." ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/eglibc" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2014/dsa-3012" ); script_set_attribute( attribute:"solution", value: "Upgrade the eglibc packages. For the stable distribution (wheezy), this problem has been fixed in version 2.13-38+deb7u4." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:eglibc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2014/08/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/28"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"eglibc-source", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"glibc-doc", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc-bin", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc-dev-bin", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc0.1", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc0.1-dbg", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc0.1-dev", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc0.1-dev-i386", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc0.1-i386", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc0.1-i686", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc0.1-pic", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc0.1-prof", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6-amd64", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6-dbg", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6-dev", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6-dev-amd64", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6-dev-i386", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6-dev-mips64", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6-dev-mipsn32", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6-dev-ppc64", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6-dev-s390", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6-dev-s390x", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6-dev-sparc64", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6-i386", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6-i686", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6-loongson2f", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6-mips64", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6-mipsn32", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6-pic", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6-ppc64", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6-prof", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6-s390", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6-s390x", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6-sparc64", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6-xen", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6.1", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6.1-dbg", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6.1-dev", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6.1-pic", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"libc6.1-prof", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"locales", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"locales-all", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"multiarch-support", reference:"2.13-38+deb7u4")) flag++; if (deb_check(release:"7.0", prefix:"nscd", reference:"2.13-38+deb7u4")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2014-296-01.NASL description New glibc packages are available for Slackware 14.1 and -current to fix security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 78656 published 2014-10-24 reporter This script is Copyright (C) 2014-2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78656 title Slackware 14.1 / current : glibc (SSA:2014-296-01) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2014-296-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(78656); script_version("$Revision: 1.3 $"); script_cvs_date("$Date: 2015/01/28 19:00:57 $"); script_cve_id("CVE-2012-4412", "CVE-2012-4424", "CVE-2013-4237", "CVE-2013-4458", "CVE-2013-4788", "CVE-2014-0475", "CVE-2014-4043", "CVE-2014-5119", "CVE-2014-6040"); script_xref(name:"SSA", value:"2014-296-01"); script_name(english:"Slackware 14.1 / current : glibc (SSA:2014-296-01)"); script_summary(english:"Checks for updated packages in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New glibc packages are available for Slackware 14.1 and -current to fix security issues." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.647059 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5118ccd5" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc-i18n"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc-profile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc-solibs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:glibc-zoneinfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/10/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2015 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"14.1", pkgname:"glibc", pkgver:"2.17", pkgarch:"i486", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", pkgname:"glibc-i18n", pkgver:"2.17", pkgarch:"i486", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", pkgname:"glibc-profile", pkgver:"2.17", pkgarch:"i486", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", pkgname:"glibc-solibs", pkgver:"2.17", pkgarch:"i486", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", pkgname:"glibc-zoneinfo", pkgver:"2014i", pkgarch:"noarch", pkgnum:"1_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"glibc", pkgver:"2.17", pkgarch:"x86_64", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"glibc-i18n", pkgver:"2.17", pkgarch:"x86_64", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"glibc-profile", pkgver:"2.17", pkgarch:"x86_64", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"glibc-solibs", pkgver:"2.17", pkgarch:"x86_64", pkgnum:"8_slack14.1")) flag++; if (slackware_check(osver:"14.1", arch:"x86_64", pkgname:"glibc-zoneinfo", pkgver:"2014i", pkgarch:"noarch", pkgnum:"1_slack14.1")) flag++; if (slackware_check(osver:"current", pkgname:"glibc", pkgver:"2.20", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"glibc-i18n", pkgver:"2.20", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"glibc-profile", pkgver:"2.20", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"glibc-solibs", pkgver:"2.20", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", pkgname:"glibc-zoneinfo", pkgver:"2014i", pkgarch:"noarch", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"glibc", pkgver:"2.20", pkgarch:"x86_64", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"glibc-i18n", pkgver:"2.20", pkgarch:"x86_64", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"glibc-profile", pkgver:"2.20", pkgarch:"x86_64", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"glibc-solibs", pkgver:"2.20", pkgarch:"x86_64", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"glibc-zoneinfo", pkgver:"2014i", pkgarch:"noarch", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-1110.NASL description Updated glibc packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc last seen 2020-06-01 modified 2020-06-02 plugin id 77439 published 2014-08-30 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77439 title CentOS 5 / 6 / 7 : glibc (CESA-2014:1110) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2014:1110 and # CentOS Errata and Security Advisory 2014:1110 respectively. # include("compat.inc"); if (description) { script_id(77439); script_version("1.13"); script_cvs_date("Date: 2020/01/06"); script_cve_id("CVE-2014-0475", "CVE-2014-5119"); script_bugtraq_id(68505, 68983); script_xref(name:"RHSA", value:"2014:1110"); script_name(english:"CentOS 5 / 6 / 7 : glibc (CESA-2014:1110)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated glibc packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-5119) A directory traversal flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-0475) Red Hat would like to thank Stephane Chazelas for reporting CVE-2014-0475. All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues." ); # https://lists.centos.org/pipermail/centos-announce/2014-August/020518.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f3b6ebde" ); # https://lists.centos.org/pipermail/centos-announce/2014-August/020519.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?10de64c9" ); # https://lists.centos.org/pipermail/centos-announce/2014-August/020520.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?11a699a3" ); script_set_attribute( attribute:"solution", value:"Update the affected glibc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-5119"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:glibc-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:nscd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/29"); script_set_attribute(attribute:"patch_publication_date", value:"2014/08/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x / 6.x / 7.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-5", reference:"glibc-2.5-118.el5_10.3")) flag++; if (rpm_check(release:"CentOS-5", reference:"glibc-common-2.5-118.el5_10.3")) flag++; if (rpm_check(release:"CentOS-5", reference:"glibc-devel-2.5-118.el5_10.3")) flag++; if (rpm_check(release:"CentOS-5", reference:"glibc-headers-2.5-118.el5_10.3")) flag++; if (rpm_check(release:"CentOS-5", reference:"glibc-utils-2.5-118.el5_10.3")) flag++; if (rpm_check(release:"CentOS-5", reference:"nscd-2.5-118.el5_10.3")) flag++; if (rpm_check(release:"CentOS-6", reference:"glibc-2.12-1.132.el6_5.4")) flag++; if (rpm_check(release:"CentOS-6", reference:"glibc-common-2.12-1.132.el6_5.4")) flag++; if (rpm_check(release:"CentOS-6", reference:"glibc-devel-2.12-1.132.el6_5.4")) flag++; if (rpm_check(release:"CentOS-6", reference:"glibc-headers-2.12-1.132.el6_5.4")) flag++; if (rpm_check(release:"CentOS-6", reference:"glibc-static-2.12-1.132.el6_5.4")) flag++; if (rpm_check(release:"CentOS-6", reference:"glibc-utils-2.12-1.132.el6_5.4")) flag++; if (rpm_check(release:"CentOS-6", reference:"nscd-2.12-1.132.el6_5.4")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"glibc-2.17-55.el7_0.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"glibc-common-2.17-55.el7_0.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"glibc-devel-2.17-55.el7_0.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"glibc-headers-2.17-55.el7_0.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"glibc-static-2.17-55.el7_0.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"glibc-utils-2.17-55.el7_0.1")) flag++; if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"nscd-2.17-55.el7_0.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-1119-1.NASL description This glibc update fixes a critical privilege escalation problem and the following security and non security issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#772242: Replace scope handing with master state - bnc#779320: Fix buffer overflow in strcoll (CVE-2012-4412) - bnc#818630: Fall back to localhost if no nameserver defined - bnc#828235: Fix missing character in IBM-943 charset - bnc#828637: Fix use of alloca in gaih_inet - bnc#834594: Fix readdir_r with long file names (CVE-2013-4237) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-20 plugin id 83634 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83634 title SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1119-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2014:1119-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(83634); script_version("2.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-4412", "CVE-2013-4237", "CVE-2014-5119"); script_bugtraq_id(55462, 61729, 68983, 69738); script_name(english:"SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1119-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This glibc update fixes a critical privilege escalation problem and the following security and non security issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#772242: Replace scope handing with master state - bnc#779320: Fix buffer overflow in strcoll (CVE-2012-4412) - bnc#818630: Fall back to localhost if no nameserver defined - bnc#828235: Fix missing character in IBM-943 charset - bnc#828637: Fix use of alloca in gaih_inet - bnc#834594: Fix readdir_r with long file names (CVE-2013-4237) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=772242" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=779320" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=818630" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=828235" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=828637" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=834594" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=892073" ); # https://download.suse.com/patch/finder/?keywords=767429925ce018c15cbe14c33d6a0f11 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2e4ddbfb" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2012-4412/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2013-4237/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-5119/" ); # https://www.suse.com/support/update/announcement/2014/suse-su-20141119-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9acd37d5" ); script_set_attribute(attribute:"solution", value:"Update the affected glibc packages"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-i18ndata"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-info"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-profile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/10/09"); script_set_attribute(attribute:"patch_publication_date", value:"2014/09/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES10)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES10", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES10" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES10 SP4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"glibc-32bit-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"glibc-devel-32bit-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"glibc-locale-32bit-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"glibc-profile-32bit-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"glibc-32bit-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"glibc-devel-32bit-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"glibc-locale-32bit-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"s390x", reference:"glibc-profile-32bit-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-devel-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-html-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-i18ndata-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-info-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-locale-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", reference:"glibc-profile-2.4-31.111.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", reference:"nscd-2.4-31.111.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-1118.NASL description Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc last seen 2020-06-01 modified 2020-06-02 plugin id 79044 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79044 title RHEL 5 / 6 : glibc (RHSA-2014:1118) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2014:1118. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(79044); script_version("1.17"); script_cvs_date("Date: 2019/10/24 15:35:38"); script_cve_id("CVE-2014-5119"); script_bugtraq_id(68983); script_xref(name:"RHSA", value:"2014:1118"); script_name(english:"RHEL 5 / 6 : glibc (RHSA-2014:1118)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Extended Update Support, Red Hat Enterprise Linux 6.2 Advanced Update Support, and Red Hat Enterprise Linux 6.4 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-5119) All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/solutions/1176253" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2014:1118" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-5119" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-debuginfo-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:nscd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.9"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.4"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/29"); script_set_attribute(attribute:"patch_publication_date", value:"2014/09/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(5\.6|5\.9|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.6 / 5.9 / 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2014:1118"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { sp = get_kb_item("Host/RedHat/minor_release"); if (isnull(sp)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); flag = 0; if (rpm_check(release:"RHEL5", sp:"9", reference:"glibc-2.5-107.el5_9.7")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"glibc-2.5-58.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"glibc-2.5-58.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"glibc-2.5-58.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"glibc-common-2.5-58.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"glibc-common-2.5-107.el5_9.7")) flag++; if (rpm_check(release:"RHEL5", sp:"9", cpu:"s390x", reference:"glibc-common-2.5-107.el5_9.7")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"glibc-common-2.5-58.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"9", cpu:"x86_64", reference:"glibc-common-2.5-107.el5_9.7")) flag++; if (rpm_check(release:"RHEL5", sp:"9", reference:"glibc-debuginfo-2.5-107.el5_9.7")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"glibc-debuginfo-2.5-58.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i686", reference:"glibc-debuginfo-2.5-58.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"glibc-debuginfo-2.5-58.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"glibc-debuginfo-common-2.5-58.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"glibc-debuginfo-common-2.5-107.el5_9.7")) flag++; if (rpm_check(release:"RHEL5", sp:"9", reference:"glibc-devel-2.5-107.el5_9.7")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"glibc-devel-2.5-58.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"glibc-devel-2.5-58.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"glibc-headers-2.5-58.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"glibc-headers-2.5-107.el5_9.7")) flag++; if (rpm_check(release:"RHEL5", sp:"9", cpu:"s390x", reference:"glibc-headers-2.5-107.el5_9.7")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"glibc-headers-2.5-58.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"9", cpu:"x86_64", reference:"glibc-headers-2.5-107.el5_9.7")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"glibc-utils-2.5-58.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"glibc-utils-2.5-107.el5_9.7")) flag++; if (rpm_check(release:"RHEL5", sp:"9", cpu:"s390x", reference:"glibc-utils-2.5-107.el5_9.7")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"glibc-utils-2.5-58.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"9", cpu:"x86_64", reference:"glibc-utils-2.5-107.el5_9.7")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"i386", reference:"nscd-2.5-58.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"9", cpu:"i386", reference:"nscd-2.5-107.el5_9.7")) flag++; if (rpm_check(release:"RHEL5", sp:"9", cpu:"s390x", reference:"nscd-2.5-107.el5_9.7")) flag++; if (rpm_check(release:"RHEL5", sp:"6", cpu:"x86_64", reference:"nscd-2.5-58.el5_6.5")) flag++; if (rpm_check(release:"RHEL5", sp:"9", cpu:"x86_64", reference:"nscd-2.5-107.el5_9.7")) flag++; if (rpm_check(release:"RHEL6", sp:"4", reference:"glibc-2.12-1.107.el6_4.6")) flag++; if (sp == "2") { if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"glibc-2.12-1.47.el6_2.13")) flag++; } else { if (rpm_check(release:"RHEL6", cpu:"i686", reference:"glibc-2.12-1.107.el6_4.6")) flag++; } if (sp == "2") { if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"glibc-2.12-1.47.el6_2.13")) flag++; } else { if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"glibc-2.12-1.107.el6_4.6")) flag++; } if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"glibc-common-2.12-1.107.el6_4.6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"glibc-common-2.12-1.107.el6_4.6")) flag++; if (sp == "2") { if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"glibc-common-2.12-1.47.el6_2.13")) flag++; } else { if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"glibc-common-2.12-1.107.el6_4.6")) flag++; } if (rpm_check(release:"RHEL6", sp:"4", reference:"glibc-debuginfo-2.12-1.107.el6_4.6")) flag++; if (sp == "2") { if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"glibc-debuginfo-2.12-1.47.el6_2.13")) flag++; } else { if (rpm_check(release:"RHEL6", cpu:"i686", reference:"glibc-debuginfo-2.12-1.107.el6_4.6")) flag++; } if (sp == "2") { if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"glibc-debuginfo-2.12-1.47.el6_2.13")) flag++; } else { if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"glibc-debuginfo-2.12-1.107.el6_4.6")) flag++; } if (rpm_check(release:"RHEL6", sp:"4", reference:"glibc-debuginfo-common-2.12-1.107.el6_4.6")) flag++; if (sp == "2") { if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"glibc-debuginfo-common-2.12-1.47.el6_2.13")) flag++; } else { if (rpm_check(release:"RHEL6", cpu:"i686", reference:"glibc-debuginfo-common-2.12-1.107.el6_4.6")) flag++; } if (sp == "2") { if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"glibc-debuginfo-common-2.12-1.47.el6_2.13")) flag++; } else { if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"glibc-debuginfo-common-2.12-1.107.el6_4.6")) flag++; } if (rpm_check(release:"RHEL6", sp:"4", reference:"glibc-devel-2.12-1.107.el6_4.6")) flag++; if (sp == "2") { if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"glibc-devel-2.12-1.47.el6_2.13")) flag++; } else { if (rpm_check(release:"RHEL6", cpu:"i686", reference:"glibc-devel-2.12-1.107.el6_4.6")) flag++; } if (sp == "2") { if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"glibc-devel-2.12-1.47.el6_2.13")) flag++; } else { if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"glibc-devel-2.12-1.107.el6_4.6")) flag++; } if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"glibc-headers-2.12-1.107.el6_4.6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"glibc-headers-2.12-1.107.el6_4.6")) flag++; if (sp == "2") { if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"glibc-headers-2.12-1.47.el6_2.13")) flag++; } else { if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"glibc-headers-2.12-1.107.el6_4.6")) flag++; } if (rpm_check(release:"RHEL6", sp:"4", reference:"glibc-static-2.12-1.107.el6_4.6")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"i686", reference:"glibc-static-2.12-1.47.el6_2.13")) flag++; if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"glibc-static-2.12-1.47.el6_2.13")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"glibc-utils-2.12-1.107.el6_4.6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"glibc-utils-2.12-1.107.el6_4.6")) flag++; if (sp == "2") { if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"glibc-utils-2.12-1.47.el6_2.13")) flag++; } else { if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"glibc-utils-2.12-1.107.el6_4.6")) flag++; } if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"nscd-2.12-1.107.el6_4.6")) flag++; if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"nscd-2.12-1.107.el6_4.6")) flag++; if (sp == "2") { if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"nscd-2.12-1.47.el6_2.13")) flag++; } else { if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"nscd-2.12-1.107.el6_4.6")) flag++; } if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc"); } }
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-168.NASL description Updated glibc packages fix security vulnerabilities : Stephane Chazelas discovered that directory traversal issue in locale handling in glibc. glibc accepts relative paths with .. components in the LC_* and LANG variables. Together with typical OpenSSH configurations (with suitable AcceptEnv settings in sshd_config), this could conceivably be used to bypass ForceCommand restrictions (or restricted shells), assuming the attacker has sufficient level of access to a file system location on the host to create crafted locale definitions there (CVE-2014-0475). David Reid, Glyph Lefkowitz, and Alex Gaynor discovered a bug where posix_spawn_file_actions_addopen fails to copy the path argument (glibc bz #17048) which can, in conjunction with many common memory management techniques from an application, lead to a use after free, or other vulnerabilities (CVE-2014-4043). This update also fixes the following issues: x86: Disable x87 inline functions for SSE2 math (glibc bz #16510) malloc: Fix race in free() of fastbin chunk (glibc bz #15073) Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve arbitrary code execution. This update removes support of loadable gconv transliteration modules. Besides the security vulnerability, the module loading code had functionality defects which prevented it from working for the intended purpose (CVE-2014-5119). Adhemerval Zanella Netto discovered out-of-bounds reads in additional code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364) that can be used to crash the systems, causing a denial of service conditions (CVE-2014-6040). The function wordexp() fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of last seen 2020-06-01 modified 2020-06-02 plugin id 82421 published 2015-03-30 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82421 title Mandriva Linux Security Advisory : glibc (MDVSA-2015:168) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2015:168. # The text itself is copyright (C) Mandriva S.A. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(82421); script_version("1.6"); script_cvs_date("Date: 2019/08/02 13:32:57"); script_cve_id("CVE-2012-3406", "CVE-2014-0475", "CVE-2014-4043", "CVE-2014-5119", "CVE-2014-6040", "CVE-2014-7817", "CVE-2014-9402", "CVE-2015-1472", "CVE-2015-1473"); script_xref(name:"MDVSA", value:"2015:168"); script_name(english:"Mandriva Linux Security Advisory : glibc (MDVSA-2015:168)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated glibc packages fix security vulnerabilities : Stephane Chazelas discovered that directory traversal issue in locale handling in glibc. glibc accepts relative paths with .. components in the LC_* and LANG variables. Together with typical OpenSSH configurations (with suitable AcceptEnv settings in sshd_config), this could conceivably be used to bypass ForceCommand restrictions (or restricted shells), assuming the attacker has sufficient level of access to a file system location on the host to create crafted locale definitions there (CVE-2014-0475). David Reid, Glyph Lefkowitz, and Alex Gaynor discovered a bug where posix_spawn_file_actions_addopen fails to copy the path argument (glibc bz #17048) which can, in conjunction with many common memory management techniques from an application, lead to a use after free, or other vulnerabilities (CVE-2014-4043). This update also fixes the following issues: x86: Disable x87 inline functions for SSE2 math (glibc bz #16510) malloc: Fix race in free() of fastbin chunk (glibc bz #15073) Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve arbitrary code execution. This update removes support of loadable gconv transliteration modules. Besides the security vulnerability, the module loading code had functionality defects which prevented it from working for the intended purpose (CVE-2014-5119). Adhemerval Zanella Netto discovered out-of-bounds reads in additional code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364) that can be used to crash the systems, causing a denial of service conditions (CVE-2014-6040). The function wordexp() fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of '$((... ))' where '...' can be anything valid. The backticks in the arithmetic epxression are evaluated by in a shell even if WRDE_NOCMD forbade command substitution. This allows an attacker to attempt to pass dangerous commands via constructs of the above form, and bypass the WRDE_NOCMD flag. This update fixes the issue (CVE-2014-7817). The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not properly restrict the use of the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers (CVE-2012-3406). The nss_dns implementation of getnetbyname could run into an infinite loop if the DNS response contained a PTR record of an unexpected format (CVE-2014-9402). Also glibc lock elision (new feature in glibc 2.18) has been disabled as it can break glibc at runtime on newer Intel hardware (due to hardware bug) Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer (CVE-2015-1472). The incorrect use of '__libc_use_alloca (newsize)' caused a different (and weaker) policy to be enforced which could allow a denial of service attack (CVE-2015-1473)." ); script_set_attribute( attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2014-0314.html" ); script_set_attribute( attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2014-0376.html" ); script_set_attribute( attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2014-0496.html" ); script_set_attribute( attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2015-0013.html" ); script_set_attribute( attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2015-0072.html" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-i18ndata"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-profile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nscd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"glibc-2.18-10.1.mbs2")) flag++; if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"glibc-devel-2.18-10.1.mbs2")) flag++; if (rpm_check(release:"MDK-MBS2", reference:"glibc-doc-2.18-10.1.mbs2")) flag++; if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"glibc-i18ndata-2.18-10.1.mbs2")) flag++; if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"glibc-profile-2.18-10.1.mbs2")) flag++; if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"glibc-static-devel-2.18-10.1.mbs2")) flag++; if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"glibc-utils-2.18-10.1.mbs2")) flag++; if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"nscd-2.18-10.1.mbs2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-1129-1.NASL description This glibc update fixes a critical privilege escalation problem and two additional issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#836746: Avoid race between {, __de}allocate_stack and __reclaim_stacks during fork. - bnc#844309: Fixed various overflows, reading large /etc/hosts or long names. (CVE-2013-4357) - bnc#894553, bnc#894556: Fixed various crashes on invalid input in IBM gconv modules. (CVE-2014-6040, CVE-2012-6656) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-20 plugin id 83639 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83639 title SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1129-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2014:1129-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(83639); script_version("2.11"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-6656", "CVE-2013-4357", "CVE-2014-5119", "CVE-2014-6040"); script_bugtraq_id(67992, 68983, 69470, 69472, 69738); script_name(english:"SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1129-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This glibc update fixes a critical privilege escalation problem and two additional issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#836746: Avoid race between {, __de}allocate_stack and __reclaim_stacks during fork. - bnc#844309: Fixed various overflows, reading large /etc/hosts or long names. (CVE-2013-4357) - bnc#894553, bnc#894556: Fixed various crashes on invalid input in IBM gconv modules. (CVE-2014-6040, CVE-2012-6656) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=836746" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=844309" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=892073" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=894553" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=894556" ); # https://download.suse.com/patch/finder/?keywords=cd8403453563e9d5a949d2219d62a993 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?12c9123b" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2012-6656/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2013-4357/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-5119/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-6040/" ); # https://www.suse.com/support/update/announcement/2014/suse-su-20141129-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ab20b15d" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 11 SP2 LTSS : zypper in -t patch slessp2-glibc-9721 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-i18ndata"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-info"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-profile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/29"); script_set_attribute(attribute:"patch_publication_date", value:"2014/09/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP2", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"glibc-32bit-2.11.3-17.45.53.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"glibc-devel-32bit-2.11.3-17.45.53.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"glibc-locale-32bit-2.11.3-17.45.53.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", cpu:"x86_64", reference:"glibc-profile-32bit-2.11.3-17.45.53.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"glibc-32bit-2.11.3-17.45.53.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"glibc-devel-32bit-2.11.3-17.45.53.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"glibc-locale-32bit-2.11.3-17.45.53.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", cpu:"s390x", reference:"glibc-profile-32bit-2.11.3-17.45.53.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"glibc-2.11.3-17.45.53.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"glibc-devel-2.11.3-17.45.53.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"glibc-html-2.11.3-17.45.53.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"glibc-i18ndata-2.11.3-17.45.53.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"glibc-info-2.11.3-17.45.53.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"glibc-locale-2.11.3-17.45.53.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"glibc-profile-2.11.3-17.45.53.1")) flag++; if (rpm_check(release:"SLES11", sp:"2", reference:"nscd-2.11.3-17.45.53.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc"); }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201602-02.NASL description The remote host is affected by the vulnerability described in GLSA-201602-02 (GNU C Library: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the GNU C Library: The Google Security Team and Red Hat discovered a stack-based buffer overflow in the send_dg() and send_vc() functions due to a buffer mismanagement when getaddrinfo() is called with AF_UNSPEC (CVE-2015-7547). The strftime() function access invalid memory when passed out-of-range data, resulting in a crash (CVE-2015-8776). An integer overflow was found in the __hcreate_r() function (CVE-2015-8778). Multiple unbounded stack allocations were found in the catopen() function (CVE-2015-8779). Please review the CVEs referenced below for additional vulnerabilities that had already been fixed in previous versions of sys-libs/glibc, for which we have not issued a GLSA before. Impact : A remote attacker could exploit any application which performs host name resolution using getaddrinfo() in order to execute arbitrary code or crash the application. The other vulnerabilities can possibly be exploited to cause a Denial of Service or leak information. Workaround : A number of mitigating factors for CVE-2015-7547 have been identified. Please review the upstream advisory and references below. last seen 2020-06-01 modified 2020-06-02 plugin id 88822 published 2016-02-18 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/88822 title GLSA-201602-02 : GNU C Library: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201602-02. # # The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(88822); script_version("2.16"); script_cvs_date("Date: 2019/04/11 17:23:06"); script_cve_id("CVE-2013-7423", "CVE-2014-0475", "CVE-2014-5119", "CVE-2014-6040", "CVE-2014-7817", "CVE-2014-8121", "CVE-2014-9402", "CVE-2015-1472", "CVE-2015-1781", "CVE-2015-7547", "CVE-2015-8776", "CVE-2015-8778", "CVE-2015-8779"); script_xref(name:"GLSA", value:"201602-02"); script_xref(name:"IAVA", value:"2016-A-0053"); script_xref(name:"TRA", value:"TRA-2017-08"); script_name(english:"GLSA-201602-02 : GNU C Library: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201602-02 (GNU C Library: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the GNU C Library: The Google Security Team and Red Hat discovered a stack-based buffer overflow in the send_dg() and send_vc() functions due to a buffer mismanagement when getaddrinfo() is called with AF_UNSPEC (CVE-2015-7547). The strftime() function access invalid memory when passed out-of-range data, resulting in a crash (CVE-2015-8776). An integer overflow was found in the __hcreate_r() function (CVE-2015-8778). Multiple unbounded stack allocations were found in the catopen() function (CVE-2015-8779). Please review the CVEs referenced below for additional vulnerabilities that had already been fixed in previous versions of sys-libs/glibc, for which we have not issued a GLSA before. Impact : A remote attacker could exploit any application which performs host name resolution using getaddrinfo() in order to execute arbitrary code or crash the application. The other vulnerabilities can possibly be exploited to cause a Denial of Service or leak information. Workaround : A number of mitigating factors for CVE-2015-7547 have been identified. Please review the upstream advisory and references below." ); # https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1358552a" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201602-02" ); script_set_attribute( attribute:"see_also", value:"https://www.tenable.com/security/research/tra-2017-08" ); script_set_attribute( attribute:"solution", value: "All GNU C Library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=sys-libs/glibc-2.21-r2' It is important to ensure that no running process uses the old glibc anymore. The easiest way to achieve that is by rebooting the machine after updating the sys-libs/glibc package. Note: Should you run into compilation failures while updating, please see bug 574948." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:glibc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2016/02/17"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/18"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"sys-libs/glibc", unaffected:make_list("ge 2.21-r2"), vulnerable:make_list("lt 2.21-r2"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "GNU C Library"); }
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-1110.NASL description From Red Hat Security Advisory 2014:1110 : Updated glibc packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc last seen 2020-06-01 modified 2020-06-02 plugin id 77463 published 2014-08-30 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77463 title Oracle Linux 5 / 6 / 7 : glibc (ELSA-2014-1110) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2014:1110 and # Oracle Linux Security Advisory ELSA-2014-1110 respectively. # include("compat.inc"); if (description) { script_id(77463); script_version("1.12"); script_cvs_date("Date: 2019/09/30 10:58:19"); script_cve_id("CVE-2014-0475", "CVE-2014-5119"); script_bugtraq_id(68505, 68983); script_xref(name:"RHSA", value:"2014:1110"); script_name(english:"Oracle Linux 5 / 6 / 7 : glibc (ELSA-2014-1110)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2014:1110 : Updated glibc packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-5119) A directory traversal flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-0475) Red Hat would like to thank Stephane Chazelas for reporting CVE-2014-0475. All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2014-August/004389.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2014-August/004390.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2014-August/004391.html" ); script_set_attribute( attribute:"solution", value:"Update the affected glibc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nscd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/07/29"); script_set_attribute(attribute:"patch_publication_date", value:"2014/08/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/30"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6 / 7", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL5", reference:"glibc-2.5-118.el5_10.3")) flag++; if (rpm_check(release:"EL5", reference:"glibc-common-2.5-118.el5_10.3")) flag++; if (rpm_check(release:"EL5", reference:"glibc-devel-2.5-118.el5_10.3")) flag++; if (rpm_check(release:"EL5", reference:"glibc-headers-2.5-118.el5_10.3")) flag++; if (rpm_check(release:"EL5", reference:"glibc-utils-2.5-118.el5_10.3")) flag++; if (rpm_check(release:"EL5", reference:"nscd-2.5-118.el5_10.3")) flag++; if (rpm_check(release:"EL6", reference:"glibc-2.12-1.132.el6_5.4")) flag++; if (rpm_check(release:"EL6", reference:"glibc-common-2.12-1.132.el6_5.4")) flag++; if (rpm_check(release:"EL6", reference:"glibc-devel-2.12-1.132.el6_5.4")) flag++; if (rpm_check(release:"EL6", reference:"glibc-headers-2.12-1.132.el6_5.4")) flag++; if (rpm_check(release:"EL6", reference:"glibc-static-2.12-1.132.el6_5.4")) flag++; if (rpm_check(release:"EL6", reference:"glibc-utils-2.12-1.132.el6_5.4")) flag++; if (rpm_check(release:"EL6", reference:"nscd-2.12-1.132.el6_5.4")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"glibc-2.17-55.0.4.el7_0.1")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"glibc-common-2.17-55.0.4.el7_0.1")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"glibc-devel-2.17-55.0.4.el7_0.1")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"glibc-headers-2.17-55.0.4.el7_0.1")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"glibc-static-2.17-55.0.4.el7_0.1")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"glibc-utils-2.17-55.0.4.el7_0.1")) flag++; if (rpm_check(release:"EL7", cpu:"x86_64", reference:"nscd-2.17-55.0.4.el7_0.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-1128-1.NASL description This glibc update fixes a critical privilege escalation problem and the following security and non-security issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#882600: Copy filename argument in posix_spawn_file_actions_addopen. (CVE-2014-4043) - bnc#860501: Use O_LARGEFILE for utmp file. - bnc#842291: Fix typo in glibc-2.5-dlopen-lookup-race.diff. - bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332) - bnc#834594: Fix readdir_r with long file names. (CVE-2013-4237) - bnc#824639: Drop lock before calling malloc_printerr. - bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242) - bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412) - bnc#894556 / bnc#894553: Fix crashes on invalid input in IBM gconv modules. (CVE-2014-6040, CVE-2012-6656, bnc#894553, bnc#894556, BZ#17325, BZ#14134) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-05-20 plugin id 83638 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83638 title SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1128-1) NASL family Fedora Local Security Checks NASL id FEDORA_2014-9830.NASL description An off-by-one heap-based buffer overflow flaw was found in glibc last seen 2020-03-17 modified 2014-10-20 plugin id 78583 published 2014-10-20 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78583 title Fedora 19 : glibc-2.17-21.fc19 (2014-9830) NASL family Fedora Local Security Checks NASL id FEDORA_2014-9824.NASL description - Locale names, including those obtained from environment variables (LANG and the LC_* variables), are more tightly checked for proper syntax. setlocale will now fail (with EINVAL) for locale names that are overly long, contain slashes without starting with a slash, or contain last seen 2020-03-17 modified 2014-08-29 plugin id 77430 published 2014-08-29 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77430 title Fedora 20 : glibc-2.18-14.fc20 (2014-9824) NASL family SuSE Local Security Checks NASL id SUSE_11_GLIBC-140829.NASL description This glibc update fixes a critical privilege escalation problem and two non-security issues : - An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119). (bnc#892073) - setenv-alloca.patch: Avoid unbound alloca in setenv. (bnc#892065) - printf-multibyte-format.patch: Don last seen 2020-06-05 modified 2014-09-13 plugin id 77673 published 2014-09-13 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/77673 title SuSE 11.3 Security Update : glibc (SAT Patch Number 9669) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-536.NASL description glibc was updated to fix three security issues : - A directory traversal in locale environment handling was fixed (CVE-2014-0475, bnc#887022, GLIBC BZ #17137) - Disable gconv transliteration module loading which could be used for code execution (CVE-2014-5119, bnc#892073, GLIBC BZ #17187) - Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, bnc#894553, BZ #17325) last seen 2020-06-05 modified 2014-09-12 plugin id 77659 published 2014-09-12 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77659 title openSUSE Security Update : glibc (openSUSE-SU-2014:1115-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2328-1.NASL description Tavis Ormandy and John Haxby discovered that the GNU C Library contained an off-by-one error when performing transliteration module loading. A local attacker could exploit this to gain administrative privileges. (CVE-2014-5119) USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS and Ubuntu 12.04 LTS the security update for CVE-2014-0475 caused a regression with localplt on PowerPC. This update fixes the problem. We apologize for the inconvenience. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 77436 published 2014-08-29 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77436 title Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : eglibc vulnerability (USN-2328-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-1110.NASL description Updated glibc packages that fix two security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc last seen 2020-06-01 modified 2020-06-02 plugin id 77464 published 2014-08-30 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77464 title RHEL 5 / 6 / 7 : glibc (RHSA-2014:1110) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2015-0023.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Switch to use malloc when the input line is too long [Orabug 19951108] - Use a /sys/devices/system/cpu/online for _SC_NPROCESSORS_ONLN implementation [Orabug 17642251] (Joe Jin) - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183532). - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Fix patch for integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Fix return code when starting an already started nscd daemon (#979413). - Fix getnameinfo for many PTR record queries (#1020486). - Return EINVAL error for negative sizees to getgroups (#995207). - Fix integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Add support for newer L3 caches on x86-64 and correctly count the number of hardware threads sharing a cacheline (#1003420). - Revert incomplete fix for bug #758193. - Fix _nl_find_msg malloc failure case, and callers (#957089). - Test on init_fct, not result->__init_fct, after demangling (#816647). - Don last seen 2020-06-01 modified 2020-06-02 plugin id 81118 published 2015-02-02 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81118 title OracleVM 3.2 : glibc (OVMSA-2015-0023) (GHOST) NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-1122-1.NASL description This glibc update fixes a critical privilege escalation vulnerability and the following security and non-security issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#886416: Avoid redundant shift character in iconv output at block boundary. - bnc#883022: Initialize errcode in sysdeps/unix/opendir.c. - bnc#882600: Copy filename argument in posix_spawn_file_actions_addopen. (CVE-2014-4043) - bnc#864081: Take lock in pthread_cond_wait cleanup handler only when needed. - bnc#843735: Don last seen 2020-06-05 modified 2015-05-20 plugin id 83637 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83637 title SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1122-1) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2014-0017.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Don last seen 2020-06-01 modified 2020-06-02 plugin id 79539 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79539 title OracleVM 3.3 : glibc (OVMSA-2014-0017) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-43.NASL description CVE-2014-0475 Stephane Chazelas discovered that the GNU C library, glibc, processed last seen 2020-03-17 modified 2015-03-26 plugin id 82190 published 2015-03-26 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82190 title Debian DLA-43-1 : eglibc security update
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
Seebug
bulletinFamily | exploit |
description | No description provided by source. |
id | SSV:87222 |
last seen | 2017-11-19 |
modified | 2014-09-04 |
published | 2014-09-04 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-87222 |
title | glibc Off-by-One NUL Byte gconv_translit_find Exploit |
References
- http://seclists.org/fulldisclosure/2014/Aug/69
- http://www.securityfocus.com/bid/68983
- http://www.openwall.com/lists/oss-security/2014/08/13/5
- https://sourceware.org/bugzilla/show_bug.cgi?id=17187
- http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
- http://www.openwall.com/lists/oss-security/2014/07/14/1
- https://code.google.com/p/google-security-research/issues/detail?id=96
- http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html
- https://rhn.redhat.com/errata/RHSA-2014-1110.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:175
- http://www-01.ibm.com/support/docview.wss?uid=swg21685604
- http://www.debian.org/security/2014/dsa-3012
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-5119
- http://rhn.redhat.com/errata/RHSA-2014-1118.html
- http://linux.oracle.com/errata/ELSA-2015-0092.html
- https://security.gentoo.org/glsa/201602-02
- http://www.securityfocus.com/bid/69738
- http://secunia.com/advisories/61093
- http://secunia.com/advisories/61074
- http://secunia.com/advisories/60441
- http://secunia.com/advisories/60358
- http://secunia.com/advisories/60345