Vulnerabilities > CVE-2015-5229 - Code vulnerability in Redhat products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
redhat
CWE-17
nessus

Summary

The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2016-660.NASL
    descriptionIt was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes. This could result in unexpected application behavior such as hangs or crashes.
    last seen2020-06-01
    modified2020-06-02
    plugin id89841
    published2016-03-11
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89841
    titleAmazon Linux AMI : glibc (ALAS-2016-660)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2016-660.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89841);
      script_version("2.4");
      script_cvs_date("Date: 2018/04/18 15:09:35");
    
      script_cve_id("CVE-2015-5229");
      script_xref(name:"ALAS", value:"2016-660");
    
      script_name(english:"Amazon Linux AMI : glibc (ALAS-2016-660)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the calloc implementation in glibc could return
    memory areas which contain non-zero bytes. This could result in
    unexpected application behavior such as hangs or crashes."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2016-660.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update glibc' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-debuginfo-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:glibc-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/03/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"glibc-2.17-106.167.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"glibc-common-2.17-106.167.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"glibc-debuginfo-2.17-106.167.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"glibc-debuginfo-common-2.17-106.167.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"glibc-devel-2.17-106.167.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"glibc-headers-2.17-106.167.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"glibc-static-2.17-106.167.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"glibc-utils-2.17-106.167.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"nscd-2.17-106.167.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0176.NASL
    descriptionFrom Red Hat Security Advisory 2016:0176 : Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547) It was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes. This could result in unexpected application behavior such as hangs or crashes. (CVE-2015-5229) The CVE-2015-7547 issue was discovered by the Google Security Team and Red Hat. Red Hat would like to thank Jeff Layton for reporting the CVE-2015-5229 issue. This update also fixes the following bugs : * The existing implementation of the
    last seen2020-06-01
    modified2020-06-02
    plugin id88777
    published2016-02-17
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88777
    titleOracle Linux 7 : glibc (ELSA-2016-0176)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2016:0176 and 
    # Oracle Linux Security Advisory ELSA-2016-0176 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(88777);
      script_version("2.18");
      script_cvs_date("Date: 2019/09/27 13:00:36");
    
      script_cve_id("CVE-2015-5229", "CVE-2015-7547");
      script_xref(name:"RHSA", value:"2016:0176");
      script_xref(name:"TRA", value:"TRA-2017-08");
    
      script_name(english:"Oracle Linux 7 : glibc (ELSA-2016-0176)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2016:0176 :
    
    Updated glibc packages that fix two security issues and two bugs are
    now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having Critical
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The glibc packages provide the standard C libraries (libc), POSIX
    thread libraries (libpthread), standard math libraries (libm), and the
    name service cache daemon (nscd) used by multiple programs on the
    system. Without these libraries, the Linux system cannot function
    correctly.
    
    A stack-based buffer overflow was found in the way the libresolv
    library performed dual A/AAAA DNS queries. A remote attacker could
    create a specially crafted DNS response which could cause libresolv to
    crash or, potentially, execute code with the permissions of the user
    running the library. Note: this issue is only exposed when libresolv
    is called from the nss_dns NSS service module. (CVE-2015-7547)
    
    It was discovered that the calloc implementation in glibc could return
    memory areas which contain non-zero bytes. This could result in
    unexpected application behavior such as hangs or crashes.
    (CVE-2015-5229)
    
    The CVE-2015-7547 issue was discovered by the Google Security Team and
    Red Hat. Red Hat would like to thank Jeff Layton for reporting the
    CVE-2015-5229 issue.
    
    This update also fixes the following bugs :
    
    * The existing implementation of the 'free' function causes all memory
    pools beyond the first to return freed memory directly to the
    operating system as quickly as possible. This can result in
    performance degradation when the rate of free calls is very high. The
    first memory pool (the main pool) does provide a method to rate limit
    the returns via M_TRIM_THRESHOLD, but this method is not available to
    subsequent memory pools.
    
    With this update, the M_TRIM_THRESHOLD method is extended to apply to
    all memory pools, which improves performance for threads with very
    high amounts of free calls and limits the number of 'madvise' system
    calls. The change also increases the total transient memory usage by
    processes because the trim threshold must be reached before memory can
    be freed.
    
    To return to the previous behavior, you can either set
    M_TRIM_THRESHOLD using the 'mallopt' function, or set the
    MALLOC_TRIM_THRESHOLD environment variable to 0. (BZ#1298930)
    
    * On the little-endian variant of 64-bit IBM Power Systems (ppc64le),
    a bug in the dynamic loader could cause applications compiled with
    profiling enabled to fail to start with the error 'monstartup: out of
    memory'. The bug has been corrected and applications compiled for
    profiling now start correctly. (BZ#1298956)
    
    All glibc users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2016-February/005784.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.tenable.com/security/research/tra-2017-08"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected glibc packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/02/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/17");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"glibc-2.17-106.0.1.el7_2.4")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"glibc-common-2.17-106.0.1.el7_2.4")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"glibc-devel-2.17-106.0.1.el7_2.4")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"glibc-headers-2.17-106.0.1.el7_2.4")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"glibc-static-2.17-106.0.1.el7_2.4")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"glibc-utils-2.17-106.0.1.el7_2.4")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"nscd-2.17-106.0.1.el7_2.4")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-devel / glibc-headers / glibc-static / etc");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160216_GLIBC_ON_SL7_X.NASL
    descriptionA stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547) It was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes. This could result in unexpected application behavior such as hangs or crashes. (CVE-2015-5229) This update also fixes the following bugs : - The existing implementation of the
    last seen2020-03-18
    modified2016-02-17
    plugin id88798
    published2016-02-17
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88798
    titleScientific Linux Security Update : glibc on SL7.x x86_64 (20160216)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(88798);
      script_version("2.13");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");
    
      script_cve_id("CVE-2015-5229", "CVE-2015-7547");
      script_xref(name:"TRA", value:"TRA-2017-08");
      script_xref(name:"IAVA", value:"2016-A-0053");
    
      script_name(english:"Scientific Linux Security Update : glibc on SL7.x x86_64 (20160216)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A stack-based buffer overflow was found in the way the libresolv
    library performed dual A/AAAA DNS queries. A remote attacker could
    create a specially crafted DNS response which could cause libresolv to
    crash or, potentially, execute code with the permissions of the user
    running the library. Note: this issue is only exposed when libresolv
    is called from the nss_dns NSS service module. (CVE-2015-7547)
    
    It was discovered that the calloc implementation in glibc could return
    memory areas which contain non-zero bytes. This could result in
    unexpected application behavior such as hangs or crashes.
    (CVE-2015-5229)
    
    This update also fixes the following bugs :
    
      - The existing implementation of the 'free' function
        causes all memory pools beyond the first to return freed
        memory directly to the operating system as quickly as
        possible. This can result in performance degradation
        when the rate of free calls is very high. The first
        memory pool (the main pool) does provide a method to
        rate limit the returns via M_TRIM_THRESHOLD, but this
        method is not available to subsequent memory pools.
    
    With this update, the M_TRIM_THRESHOLD method is extended to apply to
    all memory pools, which improves performance for threads with very
    high amounts of free calls and limits the number of 'madvise' system
    calls. The change also increases the total transient memory usage by
    processes because the trim threshold must be reached before memory can
    be freed.
    
    To return to the previous behavior, you can either set
    M_TRIM_THRESHOLD using the 'mallopt' function, or set the
    MALLOC_TRIM_THRESHOLD environment variable to 0.
    
      - On the little-endian variant of 64-bit IBM Power Systems
        (ppc64le), a bug in the dynamic loader could cause
        applications compiled with profiling enabled to fail to
        start with the error 'monstartup: out of memory'. The
        bug has been corrected and applications compiled for
        profiling now start correctly."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1602&L=scientific-linux-errata&F=&S=&P=15470
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3676f945"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.tenable.com/security/research/tra-2017-08"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-debuginfo-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:glibc-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:nscd");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/02/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/17");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"glibc-2.17-106.el7_2.4")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"glibc-common-2.17-106.el7_2.4")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"glibc-debuginfo-2.17-106.el7_2.4")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"glibc-debuginfo-common-2.17-106.el7_2.4")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"glibc-devel-2.17-106.el7_2.4")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"glibc-headers-2.17-106.el7_2.4")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"glibc-static-2.17-106.el7_2.4")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"glibc-utils-2.17-106.el7_2.4")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"nscd-2.17-106.el7_2.4")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc / glibc-common / glibc-debuginfo / glibc-debuginfo-common / etc");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0176.NASL
    descriptionUpdated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547) It was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes. This could result in unexpected application behavior such as hangs or crashes. (CVE-2015-5229) The CVE-2015-7547 issue was discovered by the Google Security Team and Red Hat. Red Hat would like to thank Jeff Layton for reporting the CVE-2015-5229 issue. This update also fixes the following bugs : * The existing implementation of the
    last seen2020-06-01
    modified2020-06-02
    plugin id88758
    published2016-02-17
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88758
    titleCentOS 7 : glibc (CESA-2016:0176)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0176.NASL
    descriptionUpdated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547) It was discovered that the calloc implementation in glibc could return memory areas which contain non-zero bytes. This could result in unexpected application behavior such as hangs or crashes. (CVE-2015-5229) The CVE-2015-7547 issue was discovered by the Google Security Team and Red Hat. Red Hat would like to thank Jeff Layton for reporting the CVE-2015-5229 issue. This update also fixes the following bugs : * The existing implementation of the
    last seen2020-06-01
    modified2020-06-02
    plugin id88785
    published2016-02-17
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/88785
    titleRHEL 7 : glibc (RHSA-2016:0176)

Redhat

advisories
  • bugzilla
    id1244002
    titleNFS and Fuse mounts hang while running IO - Malloc/free deadlock
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentnscd is earlier than 0:2.12-1.166.el6_7.1
            ovaloval:com.redhat.rhba:tst:20151465001
          • commentnscd is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120763014
        • AND
          • commentglibc is earlier than 0:2.12-1.166.el6_7.1
            ovaloval:com.redhat.rhba:tst:20151465003
          • commentglibc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120763004
        • AND
          • commentglibc-headers is earlier than 0:2.12-1.166.el6_7.1
            ovaloval:com.redhat.rhba:tst:20151465005
          • commentglibc-headers is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120763010
        • AND
          • commentglibc-devel is earlier than 0:2.12-1.166.el6_7.1
            ovaloval:com.redhat.rhba:tst:20151465007
          • commentglibc-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120763006
        • AND
          • commentglibc-common is earlier than 0:2.12-1.166.el6_7.1
            ovaloval:com.redhat.rhba:tst:20151465009
          • commentglibc-common is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120763008
        • AND
          • commentglibc-utils is earlier than 0:2.12-1.166.el6_7.1
            ovaloval:com.redhat.rhba:tst:20151465011
          • commentglibc-utils is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120763012
        • AND
          • commentglibc-static is earlier than 0:2.12-1.166.el6_7.1
            ovaloval:com.redhat.rhba:tst:20151465013
          • commentglibc-static is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120763002
    rhsa
    idRHBA-2015:1465
    released2015-07-22
    severityNone
    titleRHBA-2015:1465: glibc bug fix update (None)
  • rhsa
    idRHSA-2016:0176
rpms
  • glibc-0:2.12-1.166.el6_7.1
  • glibc-common-0:2.12-1.166.el6_7.1
  • glibc-debuginfo-0:2.12-1.166.el6_7.1
  • glibc-debuginfo-common-0:2.12-1.166.el6_7.1
  • glibc-devel-0:2.12-1.166.el6_7.1
  • glibc-headers-0:2.12-1.166.el6_7.1
  • glibc-static-0:2.12-1.166.el6_7.1
  • glibc-utils-0:2.12-1.166.el6_7.1
  • nscd-0:2.12-1.166.el6_7.1
  • glibc-0:2.17-106.el7_2.4
  • glibc-common-0:2.17-106.el7_2.4
  • glibc-debuginfo-0:2.17-106.el7_2.4
  • glibc-debuginfo-common-0:2.17-106.el7_2.4
  • glibc-devel-0:2.17-106.el7_2.4
  • glibc-headers-0:2.17-106.el7_2.4
  • glibc-static-0:2.17-106.el7_2.4
  • glibc-utils-0:2.17-106.el7_2.4
  • nscd-0:2.17-106.el7_2.4