Vulnerabilities > CVE-2016-3706 - Improper Input Validation vulnerability in multiple products

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH

Tags: network, low complexity, opensuse, gnu, CWE-20, nessus

Summary

Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.

Vulnerable Configurations

Part         Description   Count
OS           Opensuse      1
Application  Gnu           117

Common Weakness Enumeration (CWE)

  • CWE-20 Improper Input Validation

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web browser that bypasses security zone controls and gains access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone have a lesser level of access to the system and/or are restricted in the types of executable content they are allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attacker's content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and the less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter concerns the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attacker's scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is a combination of two other attack patterns: log injection and stored cross-site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL xp_cmdshell, or indirectly through injection of data into the database that would later be interpreted as shell commands. Sometime later, an unscrupulous backend application (or a part of the same application) fetches the injected data stored in the database and uses it as command line arguments without performing proper validation. The malicious data escapes the data plane by spawning new commands to be executed on the host.

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-B321728D74.NASL
    description: This update contains minor security fixes (for CVE-2016-3075, CVE-2016-3706, and CVE-2016-1234) and collects fixes for bugs encountered by Fedora users. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-07-14
    plugin id: 92146
    published: 2016-07-14
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/92146
    title: Fedora 24 : glibc (2016-b321728d74)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2016-b321728d74.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92146);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-1234", "CVE-2016-3075", "CVE-2016-3706");
      script_xref(name:"FEDORA", value:"2016-b321728d74");
    
      script_name(english:"Fedora 24 : glibc (2016-b321728d74)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update contains minor security fixes (for CVE-2016-3075,
    CVE-2016-3706, and CVE-2016-1234) and collects fixes for bugs
    encountered by Fedora users.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-b321728d74"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected glibc package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:glibc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/05/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC24", reference:"glibc-2.23.1-7.fc24")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3239-1.NASL
    description: It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982) It was discovered that an integer overflow existed in the _IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983) It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984) Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. (CVE-2016-1234) Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2015-5180) Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706) Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429) Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-5417) Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts. An attacker could use this to cause a denial of service. (CVE-2016-6323) Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 97856
    published: 2017-03-21
    reporter: Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/97856
    title: Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : eglibc, glibc vulnerabilities (USN-3239-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3239-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97856);
      script_version("3.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/22");
    
      script_cve_id("CVE-2015-5180", "CVE-2015-8982", "CVE-2015-8983", "CVE-2015-8984", "CVE-2016-1234", "CVE-2016-3706", "CVE-2016-4429", "CVE-2016-5417", "CVE-2016-6323");
      script_xref(name:"USN", value:"3239-1");
    
      script_name(english:"Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : eglibc, glibc vulnerabilities (USN-3239-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "It was discovered that the GNU C Library incorrectly handled the
    strxfrm() function. An attacker could use this issue to cause a denial
    of service or possibly execute arbitrary code. This issue only
    affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)
    
    It was discovered that an integer overflow existed in the
    _IO_wstr_overflow() function of the GNU C Library. An attacker could
    use this to cause a denial of service or possibly execute arbitrary
    code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
    (CVE-2015-8983)
    
    It was discovered that the fnmatch() function in the GNU C Library did
    not properly handle certain malformed patterns. An attacker could use
    this to cause a denial of service. This issue only affected Ubuntu
    12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984)
    
    Alexander Cherepanov discovered a stack-based buffer overflow in the
    glob implementation of the GNU C Library. An attacker could use this
    to specially craft a directory layout and cause a denial of service.
    (CVE-2016-1234)
    
    Florian Weimer discovered a NULL pointer dereference in the DNS
    resolver of the GNU C Library. An attacker could use this to cause a
    denial of service. (CVE-2015-5180)
    
    Michael Petlan discovered an unbounded stack allocation in the
    getaddrinfo() function of the GNU C Library. An attacker could use
    this to cause a denial of service. (CVE-2016-3706)
    
    Aldy Hernandez discovered an unbounded stack allocation in the sunrpc
    implementation in the GNU C Library. An attacker could use this to
    cause a denial of service. (CVE-2016-4429)
    
    Tim Ruehsen discovered that the getaddrinfo() implementation in the
    GNU C Library did not properly track memory allocations. An attacker
    could use this to cause a denial of service. This issue only affected
    Ubuntu 16.04 LTS. (CVE-2016-5417)
    
    Andreas Schwab discovered that the GNU C Library on ARM 32-bit
    platforms did not properly set up execution contexts. An attacker
    could use this to cause a denial of service. (CVE-2016-6323).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3239-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected libc6 package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/03/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2017-2020 Canonical, Inc. / NASL script (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04|14\.04|16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 14.04 / 16.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"libc6", pkgver:"2.15-0ubuntu10.16")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"libc6", pkgver:"2.19-0ubuntu6.10")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libc6", pkgver:"2.23-0ubuntu6")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libc6");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-1721-1.NASL
    description: This update for glibc provides the following fixes : - Increase DTV_SURPLUS limit. (bsc#968787) - Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727) - Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010) - Fix stack overflow in _nss_dns_getnetbyname_r. (CVE-2016-3075, bsc#973164) - Fix malloc performance regression from SLE 11. (bsc#975930) - Fix getaddrinfo stack overflow in hostent conversion. (CVE-2016-3706, bsc#980483) - Do not use alloca in clntudp_call (CVE-2016-4429, bsc#980854) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 93173
    published: 2016-08-29
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93173
    title: SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1721-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:1721-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93173);
      script_version("2.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/22");
    
      script_cve_id("CVE-2016-1234", "CVE-2016-3075", "CVE-2016-3706", "CVE-2016-4429");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1721-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for glibc provides the following fixes :
    
      - Increase DTV_SURPLUS limit. (bsc#968787)
    
      - Do not copy d_name field of struct dirent.
        (CVE-2016-1234, bsc#969727)
    
      - Fix memory leak in _nss_dns_gethostbyname4_r.
        (bsc#973010)
    
      - Fix stack overflow in _nss_dns_getnetbyname_r.
        (CVE-2016-3075, bsc#973164)
    
      - Fix malloc performance regression from SLE 11.
        (bsc#975930)
    
      - Fix getaddrinfo stack overflow in hostent conversion.
        (CVE-2016-3706, bsc#980483)
    
      - Do not use alloca in clntudp_call (CVE-2016-4429,
        bsc#980854)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=968787"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=969727"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=973010"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=973164"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=975930"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=980483"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=980854"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-1234/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-3075/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-3706/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4429/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20161721-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d392d81d"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12 :
    
    zypper in -t patch SUSE-SLE-SDK-12-2016-1015=1
    
    SUSE Linux Enterprise Server 12 :
    
    zypper in -t patch SUSE-SLE-SERVER-12-2016-1015=1
    
    SUSE Linux Enterprise Desktop 12 :
    
    zypper in -t patch SUSE-SLE-DESKTOP-12-2016-1015=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-profile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/06/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-debuginfo-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-debugsource-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-devel-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-devel-debuginfo-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-locale-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-locale-debuginfo-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-profile-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"nscd-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"nscd-debuginfo-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-32bit-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-debuginfo-32bit-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-devel-32bit-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-devel-debuginfo-32bit-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-locale-32bit-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-locale-debuginfo-32bit-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"glibc-profile-32bit-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-32bit-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-debuginfo-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-debuginfo-32bit-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-debugsource-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-devel-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-devel-32bit-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-devel-debuginfo-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-devel-debuginfo-32bit-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-locale-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-locale-32bit-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-locale-debuginfo-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"glibc-locale-debuginfo-32bit-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"nscd-2.19-22.16.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"0", cpu:"x86_64", reference:"nscd-debuginfo-2.19-22.16.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-494.NASL
    description: Several vulnerabilities have been fixed in the Debian GNU C Library, eglibc : CVE-2016-1234 Alexander Cherepanov discovered that the glibc
    last seen: 2020-03-17
    modified: 2016-05-31
    plugin id: 91361
    published: 2016-05-31
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/91361
    title: Debian DLA-494-1 : eglibc security update
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-494-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91361);
      script_version("2.10");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2016-1234", "CVE-2016-3075", "CVE-2016-3706");
    
      script_name(english:"Debian DLA-494-1 : eglibc security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been fixed in the Debian GNU C Library,
    eglibc :
    
    CVE-2016-1234
    
    Alexander Cherepanov discovered that the glibc's glob implementation
    suffered from a stack-based buffer overflow when it was called with
    the GLOB_ALTDIRFUNC flag and encountered a long file name.
    
    CVE-2016-3075
    
    The getnetbyname implementation in nss_dns was susceptible to a stack
    overflow and a crash if it was invoked on a very long name.
    
    CVE-2016-3706
    
    Michael Petlan reported that getaddrinfo copied large amounts of
    address data to the stack, possibly leading to a stack overflow. This
    complements the fix for CVE-2013-4458.
    
    For Debian 7 'Wheezy', these problems have been fixed in version
    2.13-38+deb7u11.
    
    We recommend you to upgrade your eglibc packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2016/05/msg00047.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/eglibc"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:eglibc-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:glibc-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc-dev-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc0.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc0.1-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc0.1-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc0.1-dev-i386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc0.1-i386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc0.1-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc0.1-pic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc0.1-prof");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-i386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-mips64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-mipsn32");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-ppc64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-s390");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-s390x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-sparc64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-i386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-loongson2f");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-mips64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-mipsn32");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-pic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-ppc64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-prof");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-s390");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-s390x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-sparc64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6.1-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6.1-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6.1-pic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6.1-prof");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:locales");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:locales-all");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:multiarch-support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/05/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/31");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"eglibc-source", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"glibc-doc", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc-bin", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc-dev-bin", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc0.1", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc0.1-dbg", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc0.1-dev", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc0.1-dev-i386", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc0.1-i386", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc0.1-i686", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc0.1-pic", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc0.1-prof", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6-amd64", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6-dbg", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6-dev", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6-dev-amd64", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6-dev-i386", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6-dev-mips64", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6-dev-mipsn32", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6-dev-ppc64", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6-dev-s390", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6-dev-s390x", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6-dev-sparc64", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6-i386", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6-i686", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6-loongson2f", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6-mips64", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6-mipsn32", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6-pic", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6-ppc64", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6-prof", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6-s390", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6-s390x", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6-sparc64", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6-xen", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6.1", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6.1-dbg", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6.1-dev", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6.1-pic", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"libc6.1-prof", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"locales", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"locales-all", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"multiarch-support", reference:"2.13-38+deb7u11")) flag++;
    if (deb_check(release:"7.0", prefix:"nscd", reference:"2.13-38+deb7u11")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: F5 Networks Local Security Checks
    NASL id: F5_BIGIP_SOL06493172.NASL
    description: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. (CVE-2016-3706)
    last seen: 2020-03-28
    modified: 2018-12-18
    plugin id: 119732
    published: 2018-12-18
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119732
    title: F5 Networks BIG-IP : glibc vulnerability (K06493172)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from F5 Networks BIG-IP Solution K06493172.
    #
    # The text description of this plugin is (C) F5 Networks.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119732);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/27");
    
      script_cve_id("CVE-2013-4458", "CVE-2016-3706");
      script_bugtraq_id(63299);
    
      script_name(english:"F5 Networks BIG-IP : glibc vulnerability (K06493172)");
      script_summary(english:"Checks the BIG-IP version.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote device is missing a vendor-supplied security patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Stack-based buffer overflow in the getaddrinfo function in
    sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6)
    allows remote attackers to cause a denial of service (crash) via
    vectors involving hostent conversion. NOTE: this vulnerability exists
    because of an incomplete fix for CVE-2013-4458. (CVE-2016-3706)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://support.f5.com/csp/article/K06493172"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade to one of the non-vulnerable versions listed in the F5
    Solution K06493172."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"F5 Networks Local Security Checks");
    
      script_dependencies("f5_bigip_detect.nbin");
      script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");
    
      exit(0);
    }
    
    
    include("f5_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    version = get_kb_item("Host/BIG-IP/version");
    if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
    if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
    if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
    
    sol = "K06493172";
    vmatrix = make_array();
    
    # AFM
    vmatrix["AFM"] = make_array();
    vmatrix["AFM"]["affected"  ] = make_list("14.0.0","13.0.0-13.1.1","12.0.0-12.1.3","11.4.0-11.6.1");
    vmatrix["AFM"]["unaffected"] = make_list("14.1.0");
    
    # AM
    vmatrix["AM"] = make_array();
    vmatrix["AM"]["affected"  ] = make_list("14.0.0","13.0.0-13.1.1","12.0.0-12.1.3","11.4.0-11.6.1");
    vmatrix["AM"]["unaffected"] = make_list("14.1.0");
    
    # APM
    vmatrix["APM"] = make_array();
    vmatrix["APM"]["affected"  ] = make_list("14.0.0","13.0.0-13.1.1","12.0.0-12.1.3","11.4.0-11.6.1","11.2.1","10.2.1-10.2.4");
    vmatrix["APM"]["unaffected"] = make_list("14.1.0");
    
    # ASM
    vmatrix["ASM"] = make_array();
    vmatrix["ASM"]["affected"  ] = make_list("14.0.0","13.0.0-13.1.1","12.0.0-12.1.3","11.4.0-11.6.1","11.2.1","10.2.1-10.2.4");
    vmatrix["ASM"]["unaffected"] = make_list("14.1.0");
    
    # AVR
    vmatrix["AVR"] = make_array();
    vmatrix["AVR"]["affected"  ] = make_list("14.0.0","13.0.0-13.1.1","12.0.0-12.1.3","11.4.0-11.6.1","11.2.1");
    vmatrix["AVR"]["unaffected"] = make_list("14.1.0");
    
    # LC
    vmatrix["LC"] = make_array();
    vmatrix["LC"]["affected"  ] = make_list("14.0.0","13.0.0-13.1.1","12.0.0-12.1.3","11.4.0-11.6.1","11.2.1","10.2.1-10.2.4");
    vmatrix["LC"]["unaffected"] = make_list("14.1.0");
    
    # LTM
    vmatrix["LTM"] = make_array();
    vmatrix["LTM"]["affected"  ] = make_list("14.0.0","13.0.0-13.1.1","12.0.0-12.1.3","11.4.0-11.6.1","11.2.1","10.2.1-10.2.4");
    vmatrix["LTM"]["unaffected"] = make_list("14.1.0");
    
    # PEM
    vmatrix["PEM"] = make_array();
    vmatrix["PEM"]["affected"  ] = make_list("14.0.0","13.0.0-13.1.1","12.0.0-12.1.3","11.4.0-11.6.1");
    vmatrix["PEM"]["unaffected"] = make_list("14.1.0");
    
    
    if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
    {
      if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = bigip_get_tested_modules();
      audit_extra = "For BIG-IP module(s) " + tested + ",";
      if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
      else audit(AUDIT_HOST_NOT, "running any of the affected modules");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-2156-1.NASL
    description: This update for glibc fixes the following issues : - Drop old fix that could break services that start before IPv6 is up. (bsc#931399) - Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727) - Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010) - Relocate DSOs in dependency order, fixing a potential crash during symbol relocation phase. (bsc#986302) - Fix nscd assertion failure in gc. (bsc#965699) - Fix stack overflow in _nss_dns_getnetbyname_r. (CVE-2016-3075, bsc#973164) - Fix getaddrinfo stack overflow in hostent conversion. (CVE-2016-3706, bsc#980483) - Do not use alloca in clntudp_call. (CVE-2016-4429, bsc#980854) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 93309
    published: 2016-09-02
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93309
    title: SUSE SLES11 Security Update : glibc (SUSE-SU-2016:2156-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:2156-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93309);
      script_version("2.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/22");
    
      script_cve_id("CVE-2016-1234", "CVE-2016-3075", "CVE-2016-3706", "CVE-2016-4429");
    
      script_name(english:"SUSE SLES11 Security Update : glibc (SUSE-SU-2016:2156-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for glibc fixes the following issues :
    
      - Drop old fix that could break services that start before
        IPv6 is up. (bsc#931399)
    
      - Do not copy d_name field of struct dirent.
        (CVE-2016-1234, bsc#969727)
    
      - Fix memory leak in _nss_dns_gethostbyname4_r.
        (bsc#973010)
    
      - Relocate DSOs in dependency order, fixing a potential
        crash during symbol relocation phase. (bsc#986302)
    
      - Fix nscd assertion failure in gc. (bsc#965699)
    
      - Fix stack overflow in _nss_dns_getnetbyname_r.
        (CVE-2016-3075, bsc#973164)
    
      - Fix getaddrinfo stack overflow in hostent conversion.
        (CVE-2016-3706, bsc#980483)
    
      - Do not use alloca in clntudp_call. (CVE-2016-4429,
        bsc#980854)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=931399"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=965699"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=969727"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=973010"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=973164"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=973179"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=980483"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=980854"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=986302"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-1234/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-3075/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-3706/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4429/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20162156-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e736d9c3"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t
    patch sdksp4-glibc-12712=1
    
    SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
    slessp4-glibc-12712=1
    
    SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
    dbgsp4-glibc-12712=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-i18ndata");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-info");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-profile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"glibc-32bit-2.11.3-17.102.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"glibc-devel-32bit-2.11.3-17.102.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"glibc-locale-32bit-2.11.3-17.102.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"glibc-profile-32bit-2.11.3-17.102.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"glibc-32bit-2.11.3-17.102.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"glibc-devel-32bit-2.11.3-17.102.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"glibc-locale-32bit-2.11.3-17.102.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"glibc-profile-32bit-2.11.3-17.102.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"glibc-2.11.3-17.102.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"glibc-devel-2.11.3-17.102.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"glibc-html-2.11.3-17.102.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"glibc-i18ndata-2.11.3-17.102.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"glibc-info-2.11.3-17.102.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"glibc-locale-2.11.3-17.102.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"glibc-profile-2.11.3-17.102.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"nscd-2.11.3-17.102.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2016-1733-1.NASL
    description: This update for glibc provides the following fixes : - Increase DTV_SURPLUS limit. (bsc#968787) - Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727) - Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010) - Fix stack overflow in _nss_dns_getnetbyname_r. (CVE-2016-3075, bsc#973164) - Fix malloc performance regression from SLE 11. (bsc#975930) - Fix getaddrinfo stack overflow in hostent conversion. (CVE-2016-3706, bsc#980483) - Do not use alloca in clntudp_call. (CVE-2016-4429, bsc#980854) - Remove mtrace.1, now included in the man-pages package. (bsc#967190) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 93175
    published: 2016-08-29
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93175
    title: SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1733-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:1733-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93175);
      script_version("2.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/22");
    
      script_cve_id("CVE-2016-1234", "CVE-2016-3075", "CVE-2016-3706", "CVE-2016-4429");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2016:1733-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "This update for glibc provides the following fixes :
    
      - Increase DTV_SURPLUS limit. (bsc#968787)
    
      - Do not copy d_name field of struct dirent.
        (CVE-2016-1234, bsc#969727)
    
      - Fix memory leak in _nss_dns_gethostbyname4_r.
        (bsc#973010)
    
      - Fix stack overflow in _nss_dns_getnetbyname_r.
        (CVE-2016-3075, bsc#973164)
    
      - Fix malloc performance regression from SLE 11.
        (bsc#975930)
    
      - Fix getaddrinfo stack overflow in hostent conversion.
        (CVE-2016-3706, bsc#980483)
    
      - Do not use alloca in clntudp_call. (CVE-2016-4429,
        bsc#980854)
    
      - Remove mtrace.1, now included in the man-pages package.
        (bsc#967190)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=967190"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=968787"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=969727"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=973010"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=973164"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=975930"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=980483"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=980854"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-1234/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-3075/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-3706/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4429/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20161733-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?dc46cc7a"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP1 :
    
    zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1021=1
    
    SUSE Linux Enterprise Server 12-SP1 :
    
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1021=1
    
    SUSE Linux Enterprise Desktop 12-SP1 :
    
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1021=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-profile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/07/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-2.19-38.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-debuginfo-2.19-38.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-debugsource-2.19-38.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-devel-2.19-38.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-devel-debuginfo-2.19-38.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-locale-2.19-38.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-locale-debuginfo-2.19-38.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-profile-2.19-38.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"nscd-2.19-38.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"nscd-debuginfo-2.19-38.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-32bit-2.19-38.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-debuginfo-32bit-2.19-38.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-devel-32bit-2.19-38.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-devel-debuginfo-32bit-2.19-38.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-locale-32bit-2.19-38.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-locale-debuginfo-32bit-2.19-38.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"glibc-profile-32bit-2.19-38.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-2.19-38.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-32bit-2.19-38.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-debuginfo-2.19-38.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-debuginfo-32bit-2.19-38.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-debugsource-2.19-38.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-devel-2.19-38.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-devel-32bit-2.19-38.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-devel-debuginfo-2.19-38.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-devel-debuginfo-32bit-2.19-38.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-locale-2.19-38.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-locale-32bit-2.19-38.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-locale-debuginfo-2.19-38.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"glibc-locale-debuginfo-32bit-2.19-38.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"nscd-2.19-38.2")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"nscd-debuginfo-2.19-38.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3239-3.NASL
    description: USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2016-3706 introduced a regression that in some circumstances prevented IPv6 addresses from resolving. This update reverts the change in Ubuntu 12.04 LTS. We apologize for the error. It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982) It was discovered that an integer overflow existed in the _IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983) It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984) Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. (CVE-2016-1234) Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706) Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429) Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-5417) Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts. An attacker could use this to cause a denial of service. (CVE-2016-6323). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 97936
    published: 2017-03-24
    reporter: Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/97936
    title: Ubuntu 12.04 LTS : eglibc regression (USN-3239-3)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3239-3. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(97936);
      script_version("3.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/22");
    
      script_cve_id("CVE-2015-8982", "CVE-2015-8983", "CVE-2015-8984", "CVE-2016-1234", "CVE-2016-3706", "CVE-2016-4429", "CVE-2016-5417", "CVE-2016-6323");
      script_xref(name:"USN", value:"3239-3");
    
      script_name(english:"Ubuntu 12.04 LTS : eglibc regression (USN-3239-3)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately,
    the fix for CVE-2016-3706 introduced a regression that in some
    circumstances prevented IPv6 addresses from resolving. This update
    reverts the change in Ubuntu 12.04 LTS. We apologize for the error.
    
    It was discovered that the GNU C Library incorrectly handled the
    strxfrm() function. An attacker could use this issue to cause a denial
    of service or possibly execute arbitrary code. This issue only
    affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)
    
    It was discovered that an integer overflow existed in the
    _IO_wstr_overflow() function of the GNU C Library. An
    attacker could use this to cause a denial of service or
    possibly execute arbitrary code. This issue only affected
    Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983)
    
    It was discovered that the fnmatch() function in the GNU C
    Library did not properly handle certain malformed patterns.
    An attacker could use this to cause a denial of service.
    This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04
    LTS. (CVE-2015-8984)
    
    Alexander Cherepanov discovered a stack-based buffer
    overflow in the glob implementation of the GNU C Library. An
    attacker could use this to specially craft a directory
    layout and cause a denial of service. (CVE-2016-1234)
    
    Michael Petlan discovered an unbounded stack allocation in
    the getaddrinfo() function of the GNU C Library. An attacker
    could use this to cause a denial of service. (CVE-2016-3706)
    
    Aldy Hernandez discovered an unbounded stack allocation in
    the sunrpc implementation in the GNU C Library. An attacker
    could use this to cause a denial of service. (CVE-2016-4429)
    
    Tim Ruehsen discovered that the getaddrinfo() implementation
    in the GNU C Library did not properly track memory
    allocations. An attacker could use this to cause a denial of
    service. This issue only affected Ubuntu 16.04 LTS.
    (CVE-2016-5417)
    
    Andreas Schwab discovered that the GNU C Library on ARM
    32-bit platforms did not properly set up execution contexts.
    An attacker could use this to cause a denial of service.
    (CVE-2016-6323).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3239-3/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected libc6 package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/03/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2017-2020 Canonical, Inc. / NASL script (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"libc6", pkgver:"2.15-0ubuntu10.18")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libc6");
    }
    
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2017-0013.NASL
    description: An update of [cracklib,libevent,libgcrypt,httpd,glibc] packages for PhotonOS has been released.
    last seen: 2019-02-21
    modified: 2019-02-07
    plugin id: 111862
    published: 2018-08-17
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=111862
    title: Photon OS 1.0: Cracklib / Glibc / Httpd / Libevent / Libgcrypt PHSA-2017-0013 (deprecated)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2/7/2019
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2017-0013. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111862);
      script_version("1.2");
      script_cvs_date("Date: 2019/02/07 18:59:50");
    
      script_cve_id(
        "CVE-2016-1234",
        "CVE-2016-1546",
        "CVE-2016-3075",
        "CVE-2016-3706",
        "CVE-2016-4429",
        "CVE-2016-6313",
        "CVE-2016-6318",
        "CVE-2016-10195",
        "CVE-2016-10196",
        "CVE-2016-10197"
      );
    
      script_name(english:"Photon OS 1.0: Cracklib / Glibc / Httpd / Libevent / Libgcrypt PHSA-2017-0013 (deprecated)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "This plugin has been deprecated.");
      script_set_attribute(attribute:"description", value:
    "An update of [cracklib,libevent,libgcrypt,httpd,glibc] packages for
    PhotonOS has been released.");
      # https://github.com/vmware/photon/wiki/Security-Updates-37
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d5405b83");
      script_set_attribute(attribute:"solution", value:"n/a.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4429");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/04/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:cracklib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:httpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libevent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libgcrypt");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated.");
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    pkgs = [
      "cracklib-2.9.6-3.ph1",
      "cracklib-debuginfo-2.9.6-3.ph1",
      "cracklib-devel-2.9.6-3.ph1",
      "cracklib-dicts-2.9.6-3.ph1",
      "cracklib-lang-2.9.6-3.ph1",
      "cracklib-python-2.9.6-3.ph1",
      "glibc-2.22-10.ph1",
      "glibc-devel-2.22-10.ph1",
      "glibc-lang-2.22-10.ph1",
      "httpd-2.4.25-2.ph1",
      "httpd-debuginfo-2.4.25-2.ph1",
      "httpd-devel-2.4.25-2.ph1",
      "httpd-docs-2.4.25-2.ph1",
      "httpd-tools-2.4.25-2.ph1",
      "libevent-2.1.8-1.ph1",
      "libevent-debuginfo-2.1.8-1.ph1",
      "libevent-devel-2.1.8-1.ph1",
      "libgcrypt-1.7.6-1.ph1",
      "libgcrypt-debuginfo-1.7.6-1.ph1",
      "libgcrypt-devel-1.7.6-1.ph1"
    ];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cracklib / glibc / httpd / libevent / libgcrypt");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2016-B0E67C88B5.NASL
    description: This update addresses a minor security bug (CVE-2016-3706) and works around a bug in Address Sanitizer (ASAN) which would cause ASAN-enabled binaries to fail after the update to glibc-2.22-16.fc23 (Fedora#1335011). Locale updates are included as well. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2016-07-14
    plugin id: 92144
    published: 2016-07-14
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/92144
    title: Fedora 23 : glibc (2016-b0e67c88b5)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2016-b0e67c88b5.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92144);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-3706");
      script_xref(name:"FEDORA", value:"2016-b0e67c88b5");
    
      script_name(english:"Fedora 23 : glibc (2016-b0e67c88b5)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update addresses a minor security bug (CVE-2016-3706) and works
    around a bug in Address Sanitizer (ASAN) which would cause
    ASAN-enabled binaries to fail after the update to glibc-2.22-16.fc23
    (Fedora#1335011). Locale updates are included as well.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-b0e67c88b5"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected glibc package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:glibc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/05/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC23", reference:"glibc-2.22-16.fc23")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
    }
    
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0024_GLIBC.NASL
    description: The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has glibc packages installed that are affected by multiple vulnerabilities: - The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string. (CVE-2017-15670) - The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. (CVE-2017-12132) - The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. (CVE-2017-15804) - res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). (CVE-2015-5180) - The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process. (CVE-2014-9402) - In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. (CVE-2018-1000001) - Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. (CVE-2016-3706) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127183
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127183
    title: NewStart CGSL CORE 5.04 / MAIN 5.04 : glibc Multiple Vulnerabilities (NS-SA-2019-0024)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2019-0024. The text
    # itself is copyright (C) ZTE, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127183);
      script_version("1.5");
      script_cvs_date("Date: 2019/11/27");
    
      script_cve_id(
        "CVE-2014-9402",
        "CVE-2015-5180",
        "CVE-2016-3706",
        "CVE-2017-12132",
        "CVE-2017-15670",
        "CVE-2017-15804",
        "CVE-2018-1000001"
      );
    
      script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : glibc Multiple Vulnerabilities (NS-SA-2019-0024)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has glibc packages installed that are affected by
    multiple vulnerabilities:
    
      - The GNU C Library (aka glibc or libc6) before 2.27
        contains an off-by-one error leading to a heap-based
        buffer overflow in the glob function in glob.c, related
        to the processing of home directories using the ~
        operator followed by a long string. (CVE-2017-15670)
    
      - The DNS stub resolver in the GNU C Library (aka glibc or
        libc6) before version 2.26, when EDNS support is
        enabled, will solicit large UDP responses from name
        servers, potentially simplifying off-path DNS spoofing
        attacks due to IP fragmentation. (CVE-2017-12132)
    
      - The glob function in glob.c in the GNU C Library (aka
        glibc or libc6) before 2.27 contains a buffer overflow
        during unescaping of user names with the ~ operator.
        (CVE-2017-15804)
    
      - res_query in libresolv in glibc before 2.25 allows
        remote attackers to cause a denial of service (NULL
        pointer dereference and process crash). (CVE-2015-5180)
    
      - The nss_dns implementation of getnetbyname in GNU C
        Library (aka glibc) before 2.21, when the DNS backend in
        the Name Service Switch configuration is enabled, allows
        remote attackers to cause a denial of service (infinite
        loop) by sending a positive answer while a network name
        is being processed. (CVE-2014-9402)
    
      - In glibc 2.26 and earlier there is confusion in the
        usage of getcwd() by realpath() which can be used to
        write before the destination buffer leading to a buffer
        underflow and potential code execution.
        (CVE-2018-1000001)
    
      - Stack-based buffer overflow in the getaddrinfo function
        in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka
        glibc or libc6) allows remote attackers to cause a
        denial of service (crash) via vectors involving hostent
        conversion. NOTE: this vulnerability exists because of
        an incomplete fix for CVE-2013-4458. (CVE-2016-3706)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0024");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL glibc packages. Note that updated packages may not be available yet. Please contact ZTE for
    more information.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-15804");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'glibc realpath() Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    if (release !~ "CGSL CORE 5.04" &&
        release !~ "CGSL MAIN 5.04")
      audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');
    
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    pkgs = {
      "CGSL CORE 5.04": [
        "glibc-2.17-222.el7.cgslv5lite.0.6.g0d82438",
        "glibc-common-2.17-222.el7.cgslv5lite.0.6.g0d82438",
        "glibc-debuginfo-2.17-222.el7.cgslv5lite.0.6.g0d82438",
        "glibc-debuginfo-common-2.17-222.el7.cgslv5lite.0.6.g0d82438",
        "glibc-devel-2.17-222.el7.cgslv5lite.0.6.g0d82438",
        "glibc-headers-2.17-222.el7.cgslv5lite.0.6.g0d82438",
        "glibc-i18n-2.17-222.el7.cgslv5lite.0.6.g0d82438",
        "glibc-iconv-2.17-222.el7.cgslv5lite.0.6.g0d82438",
        "glibc-lang-2.17-222.el7.cgslv5lite.0.6.g0d82438",
        "glibc-locale-2.17-222.el7.cgslv5lite.0.6.g0d82438",
        "glibc-static-2.17-222.el7.cgslv5lite.0.6.g0d82438",
        "glibc-tools-2.17-222.el7.cgslv5lite.0.6.g0d82438",
        "glibc-utils-2.17-222.el7.cgslv5lite.0.6.g0d82438",
        "nscd-2.17-222.el7.cgslv5lite.0.6.g0d82438"
      ],
      "CGSL MAIN 5.04": [
        "glibc-2.17-222.el7.cgslv5.0.1.gd23aea5",
        "glibc-common-2.17-222.el7.cgslv5.0.1.gd23aea5",
        "glibc-debuginfo-2.17-222.el7.cgslv5.0.1.gd23aea5",
        "glibc-debuginfo-common-2.17-222.el7.cgslv5.0.1.gd23aea5",
        "glibc-devel-2.17-222.el7.cgslv5.0.1.gd23aea5",
        "glibc-headers-2.17-222.el7.cgslv5.0.1.gd23aea5",
        "glibc-static-2.17-222.el7.cgslv5.0.1.gd23aea5",
        "glibc-utils-2.17-222.el7.cgslv5.0.1.gd23aea5",
        "nscd-2.17-222.el7.cgslv5.0.1.gd23aea5"
      ]
    };
    pkg_list = pkgs[release];
    
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
    }
    
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2017-0013_GLIBC.NASL
    description: An update of the glibc package has been released.
    last seen: 2020-03-17
    modified: 2019-02-07
    plugin id: 121682
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121682
    title: Photon OS 1.0: Glibc PHSA-2017-0013
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2016-852.NASL
    description: This update for glibc provides the following fixes : - Increase DTV_SURPLUS limit. (bsc#968787) - Do not copy d_name field of struct dirent. (CVE-2016-1234, bsc#969727) - Fix memory leak in _nss_dns_gethostbyname4_r. (bsc#973010) - Fix stack overflow in _nss_dns_getnetbyname_r. (CVE-2016-3075, bsc#973164) - Fix malloc performance regression from SLE 11. (bsc#975930) - Fix getaddrinfo stack overflow in hostent conversion. (CVE-2016-3706, bsc#980483) - Do not use alloca in clntudp_call. (CVE-2016-4429, bsc#980854) - Remove mtrace.1, now included in the man-pages package. (bsc#967190) This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen: 2020-06-05
    modified: 2016-07-11
    plugin id: 91987
    published: 2016-07-11
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/91987
    title: openSUSE Security Update : glibc (openSUSE-2016-852)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1551.NASL
    description: According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. (CVE-2018-11236) - An integer overflow vulnerability was found in hcreate() and hcreate_r() functions which could result in an out-of-bounds memory access. This could lead to application crash or, potentially, arbitrary code execution. (CVE-2015-8778) - A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547) - A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) - A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. (CVE-2017-1000366) - The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. (CVE-2017-12132) - It was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service. (CVE-2014-8121) - Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. (CVE-2016-3706) - In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. (CVE-2018-1000001) - Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. (CVE-2012-4424) - It was found that the dynamic loader did not sanitize the LD_POINTER_GUARD environment variable. An attacker could use this flaw to bypass the pointer guarding protection on set-user-ID or set-group-ID programs to execute arbitrary code with the permissions of the user running the application. (CVE-2015-8777) - The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. (CVE-2017-15804) - res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). (CVE-2015-5180) - pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. (CVE-2013-2207) - A stack overflow flaw was found in glibc
    last seen: 2020-03-17
    modified: 2019-05-14
    plugin id: 125004
    published: 2019-05-14
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/125004
    title: EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1551)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2016-699.NASL
    description: This update for glibc fixes the following issues : - glob-altdirfunc.patch: Do not copy d_name field of struct dirent (CVE-2016-1234, boo#969727, BZ #19779) - nss-dns-memleak-2.patch: fix memory leak in _nss_dns_gethostbyname4_r (boo#973010) - nss-dns-getnetbyname.patch: fix stack overflow in _nss_dns_getnetbyname_r (CVE-2016-3075, boo#973164, BZ #19879) - getaddrinfo-hostent-conv-stack-overflow.patch: getaddrinfo stack overflow in hostent conversion (CVE-2016-3706, boo#980483, BZ #20010) - clntudp-call-alloca.patch: do not use alloca in clntudp_call (CVE-2016-4429, boo#980854, BZ #20112)
    last seen: 2020-06-05
    modified: 2016-06-09
    plugin id: 91534
    published: 2016-06-09
    reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/91534
    title: openSUSE Security Update : glibc (openSUSE-2016-699)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3239-2.NASL
    description: USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately, the fix for CVE-2015-5180 introduced an internal ABI change within the resolver library. This update reverts the change. We apologize for the inconvenience. Please note that long-running services that were restarted to compensate for the USN-3239-1 update may need to be restarted again. It was discovered that the GNU C Library incorrectly handled the strxfrm() function. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982) It was discovered that an integer overflow existed in the _IO_wstr_overflow() function of the GNU C Library. An attacker could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8983) It was discovered that the fnmatch() function in the GNU C Library did not properly handle certain malformed patterns. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984) Alexander Cherepanov discovered a stack-based buffer overflow in the glob implementation of the GNU C Library. An attacker could use this to specially craft a directory layout and cause a denial of service. (CVE-2016-1234) Florian Weimer discovered a NULL pointer dereference in the DNS resolver of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2015-5180) Michael Petlan discovered an unbounded stack allocation in the getaddrinfo() function of the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-3706) Aldy Hernandez discovered an unbounded stack allocation in the sunrpc implementation in the GNU C Library. An attacker could use this to cause a denial of service. (CVE-2016-4429) Tim Ruehsen discovered that the getaddrinfo() implementation in the GNU C Library did not properly track memory allocations. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-5417) Andreas Schwab discovered that the GNU C Library on ARM 32-bit platforms did not properly set up execution contexts. An attacker could use this to cause a denial of service. (CVE-2016-6323). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 97887
    published: 2017-03-22
    reporter: Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/97887
    title: Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : eglibc, glibc regression (USN-3239-2)