Vulnerabilities > CVE-2016-3706 - Improper Input Validation vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Server Side Include (SSI) Injection An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
- Cross Zone Scripting An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
- Cross Site Scripting through Log Files An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
- Command Line Execution through SQL Injection An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2016-B321728D74.NASL description This update contains minor security fixes (for CVE-2016-3075, CVE-2016-3706, and CVE-2016-1234) and collects fixes for bugs encountered by Fedora users. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-07-14 plugin id 92146 published 2016-07-14 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92146 title Fedora 24 : glibc (2016-b321728d74) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2016-b321728d74. # include("compat.inc"); if (description) { script_id(92146); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-1234", "CVE-2016-3075", "CVE-2016-3706"); script_xref(name:"FEDORA", value:"2016-b321728d74"); script_name(english:"Fedora 24 : glibc (2016-b321728d74)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update contains minor security fixes (for CVE-2016-3075, CVE-2016-3706, and CVE-2016-1234) and collects fixes for bugs encountered by Fedora users. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-b321728d74" ); script_set_attribute(attribute:"solution", value:"Update the affected glibc package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:glibc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/01"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC24", reference:"glibc-2.23.1-7.fc24")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3239-1.NASL description It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982) It was discovered that an integer overflow existed in the _IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983) It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984) Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. (CVE-2016-1234) Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2015-5180) Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706) Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429) Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-5417) Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts. An attacker could use this to cause a denial of service. (CVE-2016-6323). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 97856 published 2017-03-21 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97856 title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : eglibc, glibc vulnerabilities (USN-3239-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3239-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(97856); script_version("3.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/22"); script_cve_id("CVE-2015-5180", "CVE-2015-8982", "CVE-2015-8983", "CVE-2015-8984", "CVE-2016-1234", "CVE-2016-3706", "CVE-2016-4429", "CVE-2016-5417", "CVE-2016-6323"); script_xref(name:"USN", value:"3239-1"); script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : eglibc, glibc vulnerabilities (USN-3239-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982) It was discovered that an integer overflow existed in the _IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983) It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984) Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. (CVE-2016-1234) Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2015-5180) Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706) Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429) Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-5417) Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts. An attacker could use this to cause a denial of service. (CVE-2016-6323). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3239-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected libc6 package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/01"); script_set_attribute(attribute:"patch_publication_date", value:"2017/03/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2017-2020 Canonical, Inc. / NASL script (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04|14\.04|16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 16.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"libc6", pkgver:"2.15-0ubuntu10.16")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libc6", pkgver:"2.19-0ubuntu6.10")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"libc6", pkgver:"2.23-0ubuntu6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libc6"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-1721-1.NASL description This update for glibc provides the following fixes : - Increase DTV_SURPLUS limit. (bsc#968787) - Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727) - Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010) - Fix stack overflow in _nss_dns_getnetbyname_r. (CVE-2016-3075, bsc#973164) - Fix malloc performance regression from SLE 11. (bsc#975930) - Fix getaddrinfo stack overflow in hostent conversion. (CVE-2016-3706, bsc#980483) - Do not use alloca in clntudp_call (CVE-2016-4429, bsc#980854) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 93173 published 2016-08-29 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93173 title SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1721-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:1721-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(93173); script_version("2.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/22"); script_cve_id("CVE-2016-1234", "CVE-2016-3075", "CVE-2016-3706", "CVE-2016-4429"); script_name(english:"SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1721-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for glibc provides the following fixes : - Increase DTV_SURPLUS limit. (bsc#968787) - Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727) - Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010) - Fix stack overflow in _nss_dns_getnetbyname_r. (CVE-2016-3075, bsc#973164) - Fix malloc performance regression from SLE 11. (bsc#975930) - Fix getaddrinfo stack overflow in hostent conversion. (CVE-2016-3706, bsc#980483) - Do not use alloca in clntudp_call (CVE-2016-4429, bsc#980854) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=968787" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=969727" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=973010" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=973164" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=975930" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=980483" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=980854" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-1234/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3075/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3706/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-4429/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20161721-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d392d81d" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12 : zypper in -t patch SUSE-SLE-SDK-12-2016-1015=1 SUSE Linux Enterprise Server 12 : zypper in -t patch SUSE-SLE-SERVER-12-2016-1015=1 SUSE Linux Enterprise Desktop 12 : zypper in -t patch SUSE-SLE-DESKTOP-12-2016-1015=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-profile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/01"); script_set_attribute(attribute:"patch_publication_date", value:"2016/06/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-2.19-22.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-debuginfo-2.19-22.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-debugsource-2.19-22.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-devel-2.19-22.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-devel-debuginfo-2.19-22.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-locale-2.19-22.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-locale-debuginfo-2.19-22.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-profile-2.19-22.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"nscd-2.19-22.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"nscd-debuginfo-2.19-22.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-32bit-2.19-22.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-debuginfo-32bit-2.19-22.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-devel-32bit-2.19-22.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-devel-debuginfo-32bit-2.19-22.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-locale-32bit-2.19-22.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-locale-debuginfo-32bit-2.19-22.16.2")) flag++; if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-profile-32bit-2.19-22.16.2")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-2.19-22.16.2")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-32bit-2.19-22.16.2")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-debuginfo-2.19-22.16.2")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-debuginfo-32bit-2.19-22.16.2")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-debugsource-2.19-22.16.2")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-devel-2.19-22.16.2")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-devel-32bit-2.19-22.16.2")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-devel-debuginfo-2.19-22.16.2")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-devel-debuginfo-32bit-2.19-22.16.2")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-locale-2.19-22.16.2")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-locale-32bit-2.19-22.16.2")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-locale-debuginfo-2.19-22.16.2")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-locale-debuginfo-32bit-2.19-22.16.2")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"nscd-2.19-22.16.2")) flag++; if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"nscd-debuginfo-2.19-22.16.2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-494.NASL description Several vulnerabilities have been fixed in the Debian GNU C Library, eglibc : CVE-2016-1234 Alexander Cherepanov discovered that the glibc last seen 2020-03-17 modified 2016-05-31 plugin id 91361 published 2016-05-31 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91361 title Debian DLA-494-1 : eglibc security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-494-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(91361); script_version("2.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2016-1234", "CVE-2016-3075", "CVE-2016-3706"); script_name(english:"Debian DLA-494-1 : eglibc security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been fixed in the Debian GNU C Library, eglibc : CVE-2016-1234 Alexander Cherepanov discovered that the glibc's glob implementation suffered from a stack-based buffer overflow when it was called with the GLOB_ALTDIRFUNC flag and encountered a long file name. CVE-2016-3075 The getnetbyname implementation in nss_dns was susceptible to a stack overflow and a crash if it was invoked on a very long name. CVE-2016-3706 Michael Petlan reported that getaddrinfo copied large amounts of address data to the stack, possibly leading to a stack overflow. This complements the fix for CVE-2013-4458. For Debian 7 'Wheezy', these problems have been fixed in version 2.13-38+deb7u11. We recommend you to upgrade your eglibc packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2016/05/msg00047.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/wheezy/eglibc" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:eglibc-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:glibc-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc-dev-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc0.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc0.1-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc0.1-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc0.1-dev-i386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc0.1-i386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc0.1-i686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc0.1-pic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc0.1-prof"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-amd64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-amd64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-i386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-mips64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-mipsn32"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-ppc64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-s390"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-s390x"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-sparc64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-i386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-i686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-loongson2f"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-mips64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-mipsn32"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-pic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-ppc64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-prof"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-s390"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-s390x"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-sparc64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6.1-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6.1-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6.1-pic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6.1-prof"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:locales"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:locales-all"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multiarch-support"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nscd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"7.0", prefix:"eglibc-source", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"glibc-doc", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc-bin", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc-dev-bin", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc0.1", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc0.1-dbg", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc0.1-dev", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc0.1-dev-i386", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc0.1-i386", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc0.1-i686", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc0.1-pic", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc0.1-prof", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6-amd64", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6-dbg", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6-dev", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6-dev-amd64", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6-dev-i386", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6-dev-mips64", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6-dev-mipsn32", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6-dev-ppc64", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6-dev-s390", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6-dev-s390x", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6-dev-sparc64", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6-i386", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6-i686", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6-loongson2f", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6-mips64", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6-mipsn32", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6-pic", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6-ppc64", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6-prof", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6-s390", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6-s390x", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6-sparc64", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6-xen", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6.1", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6.1-dbg", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6.1-dev", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6.1-pic", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"libc6.1-prof", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"locales", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"locales-all", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"multiarch-support", reference:"2.13-38+deb7u11")) flag++; if (deb_check(release:"7.0", prefix:"nscd", reference:"2.13-38+deb7u11")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL06493172.NASL description Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. (CVE-2016-3706) last seen 2020-03-28 modified 2018-12-18 plugin id 119732 published 2018-12-18 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119732 title F5 Networks BIG-IP : glibc vulnerability (K06493172) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from F5 Networks BIG-IP Solution K06493172. # # The text description of this plugin is (C) F5 Networks. # include("compat.inc"); if (description) { script_id(119732); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/27"); script_cve_id("CVE-2013-4458", "CVE-2016-3706"); script_bugtraq_id(63299); script_name(english:"F5 Networks BIG-IP : glibc vulnerability (K06493172)"); script_summary(english:"Checks the BIG-IP version."); script_set_attribute( attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch." ); script_set_attribute( attribute:"description", value: "Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. (CVE-2016-3706)" ); script_set_attribute( attribute:"see_also", value:"https://support.f5.com/csp/article/K06493172" ); script_set_attribute( attribute:"solution", value: "Upgrade to one of the non-vulnerable versions listed in the F5 Solution K06493172." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/12"); script_set_attribute(attribute:"patch_publication_date", value:"2016/08/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"F5 Networks Local Security Checks"); script_dependencies("f5_bigip_detect.nbin"); script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version"); exit(0); } include("f5_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); version = get_kb_item("Host/BIG-IP/version"); if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP"); if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix"); if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules"); sol = "K06493172"; vmatrix = make_array(); # AFM vmatrix["AFM"] = make_array(); vmatrix["AFM"]["affected" ] = make_list("14.0.0","13.0.0-13.1.1","12.0.0-12.1.3","11.4.0-11.6.1"); vmatrix["AFM"]["unaffected"] = make_list("14.1.0"); # AM vmatrix["AM"] = make_array(); vmatrix["AM"]["affected" ] = make_list("14.0.0","13.0.0-13.1.1","12.0.0-12.1.3","11.4.0-11.6.1"); vmatrix["AM"]["unaffected"] = make_list("14.1.0"); # APM vmatrix["APM"] = make_array(); vmatrix["APM"]["affected" ] = make_list("14.0.0","13.0.0-13.1.1","12.0.0-12.1.3","11.4.0-11.6.1","11.2.1","10.2.1-10.2.4"); vmatrix["APM"]["unaffected"] = make_list("14.1.0"); # ASM vmatrix["ASM"] = make_array(); vmatrix["ASM"]["affected" ] = make_list("14.0.0","13.0.0-13.1.1","12.0.0-12.1.3","11.4.0-11.6.1","11.2.1","10.2.1-10.2.4"); vmatrix["ASM"]["unaffected"] = make_list("14.1.0"); # AVR vmatrix["AVR"] = make_array(); vmatrix["AVR"]["affected" ] = make_list("14.0.0","13.0.0-13.1.1","12.0.0-12.1.3","11.4.0-11.6.1","11.2.1"); vmatrix["AVR"]["unaffected"] = make_list("14.1.0"); # LC vmatrix["LC"] = make_array(); vmatrix["LC"]["affected" ] = make_list("14.0.0","13.0.0-13.1.1","12.0.0-12.1.3","11.4.0-11.6.1","11.2.1","10.2.1-10.2.4"); vmatrix["LC"]["unaffected"] = make_list("14.1.0"); # LTM vmatrix["LTM"] = make_array(); vmatrix["LTM"]["affected" ] = make_list("14.0.0","13.0.0-13.1.1","12.0.0-12.1.3","11.4.0-11.6.1","11.2.1","10.2.1-10.2.4"); vmatrix["LTM"]["unaffected"] = make_list("14.1.0"); # PEM vmatrix["PEM"] = make_array(); vmatrix["PEM"]["affected" ] = make_list("14.0.0","13.0.0-13.1.1","12.0.0-12.1.3","11.4.0-11.6.1"); vmatrix["PEM"]["unaffected"] = make_list("14.1.0"); if (bigip_is_affected(vmatrix:vmatrix, sol:sol)) { if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get()); else security_warning(0); exit(0); } else { tested = bigip_get_tested_modules(); audit_extra = "For BIG-IP module(s) " + tested + ","; if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version); else audit(AUDIT_HOST_NOT, "running any of the affected modules"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-2156-1.NASL description This update for glibc fixes the following issues : - Drop old fix that could break services that start before IPv6 is up. (bsc#931399) - Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727) - Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010) - Relocate DSOs in dependency order, fixing a potential crash during symbol relocation phase. (bsc#986302) - Fix nscd assertion failure in gc. (bsc#965699) - Fix stack overflow in _nss_dns_getnetbyname_r. (CVE-2016-3075, bsc#973164) - Fix getaddrinfo stack overflow in hostent conversion. (CVE-2016-3706, bsc#980483) - Do not use alloca in clntudp_call. (CVE-2016-4429, bsc#980854) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 93309 published 2016-09-02 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93309 title SUSE SLES11 Security Update : glibc (SUSE-SU-2016:2156-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:2156-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(93309); script_version("2.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/22"); script_cve_id("CVE-2016-1234", "CVE-2016-3075", "CVE-2016-3706", "CVE-2016-4429"); script_name(english:"SUSE SLES11 Security Update : glibc (SUSE-SU-2016:2156-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for glibc fixes the following issues : - Drop old fix that could break services that start before IPv6 is up. (bsc#931399) - Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727) - Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010) - Relocate DSOs in dependency order, fixing a potential crash during symbol relocation phase. (bsc#986302) - Fix nscd assertion failure in gc. (bsc#965699) - Fix stack overflow in _nss_dns_getnetbyname_r. (CVE-2016-3075, bsc#973164) - Fix getaddrinfo stack overflow in hostent conversion. (CVE-2016-3706, bsc#980483) - Do not use alloca in clntudp_call. (CVE-2016-4429, bsc#980854) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=931399" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=965699" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=969727" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=973010" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=973164" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=973179" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=980483" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=980854" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=986302" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-1234/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3075/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3706/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-4429/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20162156-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e736d9c3" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t patch sdksp4-glibc-12712=1 SUSE Linux Enterprise Server 11-SP4:zypper in -t patch slessp4-glibc-12712=1 SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch dbgsp4-glibc-12712=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-i18ndata"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-info"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-profile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/01"); script_set_attribute(attribute:"patch_publication_date", value:"2016/08/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"glibc-32bit-2.11.3-17.102.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"glibc-devel-32bit-2.11.3-17.102.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"glibc-locale-32bit-2.11.3-17.102.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"glibc-profile-32bit-2.11.3-17.102.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"glibc-32bit-2.11.3-17.102.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"glibc-devel-32bit-2.11.3-17.102.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"glibc-locale-32bit-2.11.3-17.102.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"glibc-profile-32bit-2.11.3-17.102.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"glibc-2.11.3-17.102.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"glibc-devel-2.11.3-17.102.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"glibc-html-2.11.3-17.102.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"glibc-i18ndata-2.11.3-17.102.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"glibc-info-2.11.3-17.102.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"glibc-locale-2.11.3-17.102.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"glibc-profile-2.11.3-17.102.1")) flag++; if (rpm_check(release:"SLES11", sp:"4", reference:"nscd-2.11.3-17.102.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc"); }
NASL family SuSE Local Security Checks NASL id SUSE_SU-2016-1733-1.NASL description This update for glibc provides the following fixes : - Increase DTV_SURPLUS limit. (bsc#968787) - Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727) - Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010) - Fix stack overflow in _nss_dns_getnetbyname_r. (CVE-2016-3075, bsc#973164) - Fix malloc performance regression from SLE 11. (bsc#975930) - Fix getaddrinfo stack overflow in hostent conversion. (CVE-2016-3706, bsc#980483) - Do not use alloca in clntudp_call. (CVE-2016-4429, bsc#980854) - Remove mtrace.1, now included in the man-pages package. (bsc#967190) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 93175 published 2016-08-29 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93175 title SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1733-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2016:1733-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(93175); script_version("2.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/22"); script_cve_id("CVE-2016-1234", "CVE-2016-3075", "CVE-2016-3706", "CVE-2016-4429"); script_name(english:"SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1733-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for glibc provides the following fixes : - Increase DTV_SURPLUS limit. (bsc#968787) - Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727) - Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010) - Fix stack overflow in _nss_dns_getnetbyname_r. (CVE-2016-3075, bsc#973164) - Fix malloc performance regression from SLE 11. (bsc#975930) - Fix getaddrinfo stack overflow in hostent conversion. (CVE-2016-3706, bsc#980483) - Do not use alloca in clntudp_call. (CVE-2016-4429, bsc#980854) - Remove mtrace.1, now included in the man-pages package. (bsc#967190) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=967190" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=968787" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=969727" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=973010" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=973164" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=975930" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=980483" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=980854" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-1234/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3075/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-3706/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2016-4429/" ); # https://www.suse.com/support/update/announcement/2016/suse-su-20161733-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?dc46cc7a" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Software Development Kit 12-SP1 : zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1021=1 SUSE Linux Enterprise Server 12-SP1 : zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1021=1 SUSE Linux Enterprise Desktop 12-SP1 : zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1021=1 To bring your system up-to-date, use 'zypper patch'." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-profile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/01"); script_set_attribute(attribute:"patch_publication_date", value:"2016/07/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp); if (os_ver == "SLED12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-2.19-38.2")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-debuginfo-2.19-38.2")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-debugsource-2.19-38.2")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-devel-2.19-38.2")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-devel-debuginfo-2.19-38.2")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-locale-2.19-38.2")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-locale-debuginfo-2.19-38.2")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-profile-2.19-38.2")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"nscd-2.19-38.2")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"nscd-debuginfo-2.19-38.2")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-32bit-2.19-38.2")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-debuginfo-32bit-2.19-38.2")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-devel-32bit-2.19-38.2")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-devel-debuginfo-32bit-2.19-38.2")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-locale-32bit-2.19-38.2")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-locale-debuginfo-32bit-2.19-38.2")) flag++; if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-profile-32bit-2.19-38.2")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-2.19-38.2")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-32bit-2.19-38.2")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-debuginfo-2.19-38.2")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-debuginfo-32bit-2.19-38.2")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-debugsource-2.19-38.2")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-devel-2.19-38.2")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-devel-32bit-2.19-38.2")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-devel-debuginfo-2.19-38.2")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-devel-debuginfo-32bit-2.19-38.2")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-locale-2.19-38.2")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-locale-32bit-2.19-38.2")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-locale-debuginfo-2.19-38.2")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-locale-debuginfo-32bit-2.19-38.2")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"nscd-2.19-38.2")) flag++; if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"nscd-debuginfo-2.19-38.2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3239-3.NASL description USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2016-3706 introduced a regression that in some circumstances prevented IPv6 addresses from resolving. This update reverts the change in Ubuntu 12.04 LTS. We apologize for the error. It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982) It was discovered that an integer overflow existed in the _IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983) It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984) Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. (CVE-2016-1234) Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706) Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429) Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-5417) Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts. An attacker could use this to cause a denial of service. (CVE-2016-6323). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 97936 published 2017-03-24 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97936 title Ubuntu 12.04 LTS : eglibc regression (USN-3239-3) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3239-3. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(97936); script_version("3.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/22"); script_cve_id("CVE-2015-8982", "CVE-2015-8983", "CVE-2015-8984", "CVE-2016-1234", "CVE-2016-3706", "CVE-2016-4429", "CVE-2016-5417", "CVE-2016-6323"); script_xref(name:"USN", value:"3239-3"); script_name(english:"Ubuntu 12.04 LTS : eglibc regression (USN-3239-3)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2016-3706 introduced a regression that in some circumstances prevented IPv6 addresses from resolving. This update reverts the change in Ubuntu 12.04 LTS. We apologize for the error. It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982) It was discovered that an integer overflow existed in the _IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983) It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984) Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. (CVE-2016-1234) Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706) Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429) Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-5417) Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts. An attacker could use this to cause a denial of service. (CVE-2016-6323). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3239-3/" ); script_set_attribute(attribute:"solution", value:"Update the affected libc6 package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/01"); script_set_attribute(attribute:"patch_publication_date", value:"2017/03/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2017-2020 Canonical, Inc. / NASL script (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"libc6", pkgver:"2.15-0ubuntu10.18")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libc6"); }
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0013.NASL description An update of [cracklib,libevent,libgcrypt,httpd,glibc] packages for PhotonOS has been released. last seen 2019-02-21 modified 2019-02-07 plugin id 111862 published 2018-08-17 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=111862 title Photon OS 1.0: Cracklib / Glibc / Httpd / Libevent / Libgcrypt PHSA-2017-0013 (deprecated) code # # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2/7/2019 # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2017-0013. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(111862); script_version("1.2"); script_cvs_date("Date: 2019/02/07 18:59:50"); script_cve_id( "CVE-2016-1234", "CVE-2016-1546", "CVE-2016-3075", "CVE-2016-3706", "CVE-2016-4429", "CVE-2016-6313", "CVE-2016-6318", "CVE-2016-10195", "CVE-2016-10196", "CVE-2016-10197" ); script_name(english:"Photon OS 1.0: Cracklib / Glibc / Httpd / Libevent / Libgcrypt PHSA-2017-0013 (deprecated)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "This plugin has been deprecated."); script_set_attribute(attribute:"description", value: "An update of [cracklib,libevent,libgcrypt,httpd,glibc] packages for PhotonOS has been released."); # https://github.com/vmware/photon/wiki/Security-Updates-37 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d5405b83"); script_set_attribute(attribute:"solution", value:"n/a."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4429"); script_set_attribute(attribute:"patch_publication_date", value:"2017/04/24"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:cracklib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:httpd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libevent"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libgcrypt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } exit(0, "This plugin has been deprecated."); include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; pkgs = [ "cracklib-2.9.6-3.ph1", "cracklib-debuginfo-2.9.6-3.ph1", "cracklib-devel-2.9.6-3.ph1", "cracklib-dicts-2.9.6-3.ph1", "cracklib-lang-2.9.6-3.ph1", "cracklib-python-2.9.6-3.ph1", "glibc-2.22-10.ph1", "glibc-devel-2.22-10.ph1", "glibc-lang-2.22-10.ph1", "httpd-2.4.25-2.ph1", "httpd-debuginfo-2.4.25-2.ph1", "httpd-devel-2.4.25-2.ph1", "httpd-docs-2.4.25-2.ph1", "httpd-tools-2.4.25-2.ph1", "libevent-2.1.8-1.ph1", "libevent-debuginfo-2.1.8-1.ph1", "libevent-devel-2.1.8-1.ph1", "libgcrypt-1.7.6-1.ph1", "libgcrypt-debuginfo-1.7.6-1.ph1", "libgcrypt-devel-1.7.6-1.ph1" ]; foreach (pkg in pkgs) if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cracklib / glibc / httpd / libevent / libgcrypt"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2016-B0E67C88B5.NASL description This update addresses a minor security bug (CVE-2016-3706) and works around a bug in Address Sanitizer (ASAN) which would cause ASAN-enabled binaries to fail after the update to glibc-2.22-16.fc23 (Fedora#1335011). Locale updates are included as well. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-07-14 plugin id 92144 published 2016-07-14 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92144 title Fedora 23 : glibc (2016-b0e67c88b5) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory FEDORA-2016-b0e67c88b5. # include("compat.inc"); if (description) { script_id(92144); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2016-3706"); script_xref(name:"FEDORA", value:"2016-b0e67c88b5"); script_name(english:"Fedora 23 : glibc (2016-b0e67c88b5)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update addresses a minor security bug (CVE-2016-3706) and works around a bug in Address Sanitizer (ASAN) which would cause ASAN-enabled binaries to fail after the update to glibc-2.22-16.fc23 (Fedora#1335011). Locale updates are included as well. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-b0e67c88b5" ); script_set_attribute(attribute:"solution", value:"Update the affected glibc package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:glibc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23"); script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/10"); script_set_attribute(attribute:"patch_publication_date", value:"2016/05/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! preg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC23", reference:"glibc-2.22-16.fc23")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc"); }
NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0024_GLIBC.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has glibc packages installed that are affected by multiple vulnerabilities: - The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. (CVE-2017-15670) - The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. (CVE-2017-12132) - The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. (CVE-2017-15804) - res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). (CVE-2015-5180) - The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process. (CVE-2014-9402) - In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. (CVE-2018-1000001) - Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. (CVE-2016-3706) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127183 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127183 title NewStart CGSL CORE 5.04 / MAIN 5.04 : glibc Multiple Vulnerabilities (NS-SA-2019-0024) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from ZTE advisory NS-SA-2019-0024. The text # itself is copyright (C) ZTE, Inc. include("compat.inc"); if (description) { script_id(127183); script_version("1.5"); script_cvs_date("Date: 2019/11/27"); script_cve_id( "CVE-2014-9402", "CVE-2015-5180", "CVE-2016-3706", "CVE-2017-12132", "CVE-2017-15670", "CVE-2017-15804", "CVE-2018-1000001" ); script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : glibc Multiple Vulnerabilities (NS-SA-2019-0024)"); script_set_attribute(attribute:"synopsis", value: "The remote machine is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has glibc packages installed that are affected by multiple vulnerabilities: - The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. (CVE-2017-15670) - The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. (CVE-2017-12132) - The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. (CVE-2017-15804) - res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). (CVE-2015-5180) - The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process. (CVE-2014-9402) - In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. (CVE-2018-1000001) - Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. (CVE-2016-3706) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0024"); script_set_attribute(attribute:"solution", value: "Upgrade the vulnerable CGSL glibc packages. Note that updated packages may not be available yet. Please contact ZTE for more information."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-15804"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'glibc realpath() Privilege Escalation'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/24"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"NewStart CGSL Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/ZTE-CGSL/release"); if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux"); if (release !~ "CGSL CORE 5.04" && release !~ "CGSL MAIN 5.04") audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04'); if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu); flag = 0; pkgs = { "CGSL CORE 5.04": [ "glibc-2.17-222.el7.cgslv5lite.0.6.g0d82438", "glibc-common-2.17-222.el7.cgslv5lite.0.6.g0d82438", "glibc-debuginfo-2.17-222.el7.cgslv5lite.0.6.g0d82438", "glibc-debuginfo-common-2.17-222.el7.cgslv5lite.0.6.g0d82438", "glibc-devel-2.17-222.el7.cgslv5lite.0.6.g0d82438", "glibc-headers-2.17-222.el7.cgslv5lite.0.6.g0d82438", "glibc-i18n-2.17-222.el7.cgslv5lite.0.6.g0d82438", "glibc-iconv-2.17-222.el7.cgslv5lite.0.6.g0d82438", "glibc-lang-2.17-222.el7.cgslv5lite.0.6.g0d82438", "glibc-locale-2.17-222.el7.cgslv5lite.0.6.g0d82438", "glibc-static-2.17-222.el7.cgslv5lite.0.6.g0d82438", "glibc-tools-2.17-222.el7.cgslv5lite.0.6.g0d82438", "glibc-utils-2.17-222.el7.cgslv5lite.0.6.g0d82438", "nscd-2.17-222.el7.cgslv5lite.0.6.g0d82438" ], "CGSL MAIN 5.04": [ "glibc-2.17-222.el7.cgslv5.0.1.gd23aea5", "glibc-common-2.17-222.el7.cgslv5.0.1.gd23aea5", "glibc-debuginfo-2.17-222.el7.cgslv5.0.1.gd23aea5", "glibc-debuginfo-common-2.17-222.el7.cgslv5.0.1.gd23aea5", "glibc-devel-2.17-222.el7.cgslv5.0.1.gd23aea5", "glibc-headers-2.17-222.el7.cgslv5.0.1.gd23aea5", "glibc-static-2.17-222.el7.cgslv5.0.1.gd23aea5", "glibc-utils-2.17-222.el7.cgslv5.0.1.gd23aea5", "nscd-2.17-222.el7.cgslv5.0.1.gd23aea5" ] }; pkg_list = pkgs[release]; foreach (pkg in pkg_list) if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc"); }
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2017-0013_GLIBC.NASL description An update of the glibc package has been released. last seen 2020-03-17 modified 2019-02-07 plugin id 121682 published 2019-02-07 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/121682 title Photon OS 1.0: Glibc PHSA-2017-0013 NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-852.NASL description This update for glibc provides the following fixes : - Increase DTV_SURPLUS limit. (bsc#968787) - Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727) - Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010) - Fix stack overflow in _nss_dns_getnetbyname_r. (CVE-2016-3075, bsc#973164) - Fix malloc performance regression from SLE 11. (bsc#975930) - Fix getaddrinfo stack overflow in hostent conversion. (CVE-2016-3706, bsc#980483) - Do not use alloca in clntudp_call. (CVE-2016-4429, bsc#980854) - Remove mtrace.1, now included in the man-pages package. (bsc#967190) This update was imported from the SUSE:SLE-12-SP1:Update update project. last seen 2020-06-05 modified 2016-07-11 plugin id 91987 published 2016-07-11 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/91987 title openSUSE Security Update : glibc (openSUSE-2016-852) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1551.NASL description According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.(CVE-2018-11236) - An integer overflow vulnerability was found in hcreate() and hcreate_r() functions which could result in an out-of-bounds memory access. This could lead to application crash or, potentially, arbitrary code execution.(CVE-2015-8778) - A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module.(CVE-2015-7547) - A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash.(CVE-2013-0242) - A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult.(CVE-2017-1000366) - The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.(CVE-2017-12132) - It was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service.(CVE-2014-8121) - Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.(CVE-2016-3706) - In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.(CVE-2018-1000001) - Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.(CVE-2012-4424) - It was found that the dynamic loader did not sanitize the LD_POINTER_GUARD environment variable. An attacker could use this flaw to bypass the pointer guarding protection on set-user-ID or set-group-ID programs to execute arbitrary code with the permissions of the user running the application.(CVE-2015-8777) - The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.(CVE-2017-15804) - res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).(CVE-2015-5180) - pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system.(CVE-2013-2207) - A stack overflow flaw was found in glibc last seen 2020-03-17 modified 2019-05-14 plugin id 125004 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125004 title EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1551) NASL family SuSE Local Security Checks NASL id OPENSUSE-2016-699.NASL description This update for glibc fixes the following issues : - glob-altdirfunc.patch: Do not copy d_name field of struct dirent (CVE-2016-1234, boo#969727, BZ #19779) - nss-dns-memleak-2.patch: fix memory leak in _nss_dns_gethostbyname4_r (boo#973010) - nss-dns-getnetbyname.patch: fix stack overflow in _nss_dns_getnetbyname_r (CVE-2016-3075, boo#973164, BZ #19879) - getaddrinfo-hostent-conv-stack-overflow.patch: getaddrinfo stack overflow in hostent conversion (CVE-2016-3706, boo#980483, BZ #20010) - clntudp-call-alloca.patch: do not use alloca in clntudp_call (CVE-2016-4429, boo#980854, BZ #20112) last seen 2020-06-05 modified 2016-06-09 plugin id 91534 published 2016-06-09 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/91534 title openSUSE Security Update : glibc (openSUSE-2016-699) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3239-2.NASL description USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2015-5180 introduced an internal ABI change within the resolver library. This update reverts the change. We apologize for the inconvenience. Please note that long-running services that were restarted to compensate for the USN-3239-1 update may need to be restarted again. It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982) It was discovered that an integer overflow existed in the _IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983) It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984) Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. (CVE-2016-1234) Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2015-5180) Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706) Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429) Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-5417) Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts. An attacker could use this to cause a denial of service. (CVE-2016-6323). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 97887 published 2017-03-22 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97887 title Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : eglibc, glibc regression (USN-3239-2)
References
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00030.html
- http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html
- http://lists.opensuse.org/opensuse-updates/2016-07/msg00039.html
- http://www.securityfocus.com/bid/102073
- http://www.securityfocus.com/bid/102073
- http://www.securityfocus.com/bid/88440
- http://www.securityfocus.com/bid/88440
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
- http://www-01.ibm.com/support/docview.wss?uid=swg21995039
- https://source.android.com/security/bulletin/2017-12-01
- https://source.android.com/security/bulletin/2017-12-01
- https://sourceware.org/bugzilla/show_bug.cgi?id=20010
- https://sourceware.org/bugzilla/show_bug.cgi?id=20010
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9