CVE-2017-15671 - Missing Release of Resource after Effective Lifetime vulnerability in GNU Glibc
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH
Summary
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- HTTP DoS: An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent, which makes the DoS harder to detect. This is the HTTP equivalent of a SYN flood. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait for the attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.
Nessus
NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2018-30.NASL
description: This update for glibc fixes the following issues :
- A privilege escalation bug in the realpath() function has been fixed. [CVE-2018-1000001, bsc#1074293]
- A memory leak and a buffer overflow in the dynamic ELF loader has been fixed. [CVE-2017-1000408, CVE-2017-1000409, bsc#1071319]
- An issue in the code handling RPATHs was fixed that could have been exploited by an attacker to execute code loaded from arbitrary libraries. [CVE-2017-16997, bsc#1073231]
- A potential crash caused by a use-after-free bug in pthread_create() has been fixed. [bsc#1053188]
- A bug that prevented users to build shared objects which use the optimized libmvec.so API has been fixed. [bsc#1070905]
- A memory leak in the glob() function has been fixed. [CVE-2017-15670, CVE-2017-15671, CVE-2017-15804, bsc#1064569, bsc#1064580, bsc#1064583]
- A bug that would lose the syscall error code value in case of crashes has been fixed. [bsc#1063675]
This update was imported from the SUSE:SLE-12-SP2:Update update project.
last seen: 2020-06-05
modified: 2018-01-16
plugin id: 106059
published: 2018-01-16
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/106059
title: openSUSE Security Update : glibc (openSUSE-2018-30)
code:
```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-30.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(106059);
  script_version("3.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2017-1000408", "CVE-2017-1000409", "CVE-2017-15670", "CVE-2017-15671", "CVE-2017-15804", "CVE-2017-16997", "CVE-2018-1000001");

  script_name(english:"openSUSE Security Update : glibc (openSUSE-2018-30)");
  script_summary(english:"Check for the openSUSE-2018-30 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for glibc fixes the following issues :
  - A privilege escalation bug in the realpath() function has been fixed. [CVE-2018-1000001, bsc#1074293]
  - A memory leak and a buffer overflow in the dynamic ELF loader has been fixed. [CVE-2017-1000408, CVE-2017-1000409, bsc#1071319]
  - An issue in the code handling RPATHs was fixed that could have been exploited by an attacker to execute code loaded from arbitrary libraries. [CVE-2017-16997, bsc#1073231]
  - A potential crash caused by a use-after-free bug in pthread_create() has been fixed. [bsc#1053188]
  - A bug that prevented users to build shared objects which use the optimized libmvec.so API has been fixed. [bsc#1070905]
  - A memory leak in the glob() function has been fixed. [CVE-2017-15670, CVE-2017-15671, CVE-2017-15804, bsc#1064569, bsc#1064580, bsc#1064583]
  - A bug that would lose the syscall error code value in case of crashes has been fixed. [bsc#1063675]
This update was imported from the SUSE:SLE-12-SP2:Update update project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051042"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053188"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1063675"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064569"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064580"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064583"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1070905"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1071319"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1073231"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1074293"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected glibc packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'glibc "realpath()" Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-devel-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-devel-static-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-extra-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-html");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-i18ndata");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-info");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-locale");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-locale-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-locale-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-locale-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-obsolete");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-obsolete-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-profile");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-profile-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-utils-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-utils-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-utils-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-utils-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nscd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nscd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/01/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/16");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.2|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.2", reference:"glibc-2.22-4.12.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"glibc-debuginfo-2.22-4.12.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"glibc-debugsource-2.22-4.12.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"glibc-devel-2.22-4.12.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"glibc-devel-debuginfo-2.22-4.12.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"glibc-devel-static-2.22-4.12.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"glibc-extra-2.22-4.12.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"glibc-extra-debuginfo-2.22-4.12.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"glibc-html-2.22-4.12.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"glibc-i18ndata-2.22-4.12.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"glibc-info-2.22-4.12.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"glibc-locale-2.22-4.12.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"glibc-locale-debuginfo-2.22-4.12.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"glibc-obsolete-2.22-4.12.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"glibc-obsolete-debuginfo-2.22-4.12.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"glibc-profile-2.22-4.12.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"glibc-utils-2.22-4.12.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"glibc-utils-debuginfo-2.22-4.12.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"glibc-utils-debugsource-2.22-4.12.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"nscd-2.22-4.12.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"nscd-debuginfo-2.22-4.12.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"glibc-utils-32bit-2.22-4.12.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"glibc-utils-debuginfo-32bit-2.22-4.12.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"glibc-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"glibc-debuginfo-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"glibc-debugsource-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"glibc-devel-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"glibc-devel-debuginfo-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"glibc-devel-static-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"glibc-extra-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"glibc-extra-debuginfo-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"glibc-html-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"glibc-i18ndata-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"glibc-info-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"glibc-locale-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"glibc-locale-debuginfo-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"glibc-obsolete-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"glibc-obsolete-debuginfo-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"glibc-profile-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"glibc-utils-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"glibc-utils-debuginfo-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"glibc-utils-debugsource-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"nscd-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"nscd-debuginfo-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"glibc-32bit-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"glibc-debuginfo-32bit-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"glibc-devel-32bit-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"glibc-devel-debuginfo-32bit-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"glibc-devel-static-32bit-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"glibc-locale-32bit-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"glibc-locale-debuginfo-32bit-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"glibc-profile-32bit-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"glibc-utils-32bit-2.22-10.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"glibc-utils-debuginfo-32bit-2.22-10.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc-utils / glibc-utils-32bit / glibc-utils-debuginfo / etc");
}
```

NASL family: PhotonOS Local Security Checks
NASL id: PHOTONOS_PHSA-2018-2_0-0060.NASL
description: An update of {'libtiff', 'glibc', 'libsoup'} packages of Photon OS has been released.
last seen: 2019-02-21
modified: 2019-02-07
plugin id: 111309
published: 2018-07-24
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=111309
title: Photon OS 2.0 : libtiff / glibc / libsoup (PhotonOS-PHSA-2018-2.0-0060) (deprecated)
code:
```
#
# (C) Tenable Network Security, Inc.
#
# @DEPRECATED@
#
# Disabled on 2/7/2019
#
# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory PHSA-2018-2.0-0060. The text
# itself is copyright (C) VMware, Inc.

include("compat.inc");

if (description)
{
  script_id(111309);
  script_version("1.2");
  script_cvs_date("Date: 2019/02/07 18:59:51");

  script_cve_id("CVE-2017-2885", "CVE-2017-15671", "CVE-2018-10963");
  script_bugtraq_id(101517, 100258);

  script_name(english:"Photon OS 2.0 : libtiff / glibc / libsoup (PhotonOS-PHSA-2018-2.0-0060) (deprecated)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"This plugin has been deprecated.");
  script_set_attribute(attribute:"description", value:
"An update of {'libtiff', 'glibc', 'libsoup'} packages of Photon OS has been released.");
  # https://github.com/vmware/photon/wiki/Security-Updates-2-60
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1020fda6");
  script_set_attribute(attribute:"solution", value:"n/a.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-2885");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/06/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libtiff");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libsoup");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"PhotonOS Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");

  exit(0);
}

exit(0, "This plugin has been deprecated.");

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/PhotonOS/release");
if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");

if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);

flag = 0;

pkgs = [
  "glibc-2.26-11.ph2",
  "glibc-debuginfo-2.26-11.ph2",
  "glibc-devel-2.26-11.ph2",
  "glibc-i18n-2.26-11.ph2",
  "glibc-iconv-2.26-11.ph2",
  "glibc-lang-2.26-11.ph2",
  "glibc-nscd-2.26-11.ph2",
  "glibc-tools-2.26-11.ph2",
  "libsoup-2.57.1-3.ph2",
  "libsoup-debuginfo-2.57.1-3.ph2",
  "libsoup-devel-2.57.1-3.ph2",
  "libsoup-doc-2.57.1-3.ph2",
  "libsoup-lang-2.57.1-3.ph2",
  "libtiff-4.0.9-6.ph2",
  "libtiff-debuginfo-4.0.9-6.ph2",
  "libtiff-devel-4.0.9-6.ph2"
];

foreach (pkg in pkgs)
  if (rpm_check(release:"PhotonOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff / glibc / libsoup");
}
```

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2018-8E27AD96ED.NASL
description: This update addresses two security vulnerabilities :
- CVE-2017-15670, CVE-2017-15671, CVE-2017-15804: Various vulnerabilities could lead to memory corruption in the `glob` and `glob64` function. (RHBZ#1505298, RHBZ##1504807)
- CVE-2017-16997: Check for empty tokens before dynamic string token expansion in the dynamic linker, so that pre-existing privileged programs with `$ORIGIN` rpaths/runpaths do not cause the dynamic linker to search the current directory, potentially leading to privilege escalation. (RHBZ#1526866).
- CVE-2018-1000001: `getcwd` would sometimes return a non-absolute path, confusing the `realpath` function, leading to privilege escalation in conjunction with user namespaces. (RHBZ#1533837)
In addition, this update replaces the dynamic linker trampoline on x86-64 with a version which uses the `XSAVE` instruction if it is available. This improves compatibility with future hardware and compilers which do not follow the x86-64 ABI. This update also adjusts the thread stack size accounting to provide additional stack space compared to previous glibc versions (to avoid introducing RHBZ#1527887). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2018-01-24
plugin id: 106281
published: 2018-01-24
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/106281
title: Fedora 26 : glibc (2018-8e27ad96ed)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2018-4067-1.NASL
description: This update for glibc fixes the following issues :
Security issue fixed : CVE-2017-15671: Fixed memory leak in glob with GLOB_TILDE (bsc#1064569, BZ #22325).
Non-security issue fixed: Avoid access beyond memory bounds in pthread_attr_getaffinity_np (bsc#1110170, BZ #15618). Remove improper assert in dlclose (bsc#1110174, BZ #11941).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-04-30
modified: 2018-12-11
plugin id: 119579
published: 2018-12-11
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/119579
title: SUSE SLES11 Security Update : Recommended update for glibc (SUSE-SU-2018:4067-1)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2017-0D3FDD3D1F.NASL
description: This update adds support for the IBM858 codepage (RHBZ#1416405). It moves the `nss_compat` NSS service module to the main glibc package (RHBZ#1400538). As a security hardening measure, stdio streams are no longer flushed on process abort/assertion failure (RHBZ#1498880). `/var/db/Makefile` is now included in the `nss_db` package (RHBZ#1498900). Fixes installation related failures for IBM z Series (RHBZ#1499260). Two security fixes for the `glob` function are provided (CVE-2017-15670, CVE-2017-15671, RHBZ#1504807). An error in the `sysconf` function which caused it to return -1 for `_SC_IOV_MAX` has been corrected (RHBZ#1504165). The included upstream update from the glibc 2.26 stable branch improves C++ compatibility for `<math.h>` functions and fixes a memory leak in malloc when thread local caches are in use. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2018-01-15
plugin id: 105814
published: 2018-01-15
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/105814
title: Fedora 27 : glibc (2017-0d3fdd3d1f)

NASL family: PhotonOS Local Security Checks
NASL id: PHOTONOS_PHSA-2018-2_0-0060_GLIBC.NASL
description: An update of the glibc package has been released.
last seen: 2020-03-17
modified: 2019-02-07
plugin id: 121956
published: 2019-02-07
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/121956
title: Photon OS 2.0: Glibc PHSA-2018-2.0-0060

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2018-2185-1.NASL
description: This update for glibc fixes the following issues: Security issues fixed :
- CVE-2017-15804: Fix buffer overflow during unescaping of user names in the glob function in glob.c (bsc#1064580).
- CVE-2017-15670: Fix buffer overflow in glob with GLOB_TILDE (bsc#1064583).
- CVE-2017-15671: Fix memory leak in glob with GLOB_TILDE (bsc#1064569).
- CVE-2018-11236: Fix 32bit arch integer overflow in stdlib/canonicalize.c when processing very long pathname arguments (bsc#1094161).
- CVE-2017-12132: Reduce advertised EDNS0 buffer size to guard against fragmentation attacks (bsc#1051791).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 111546
published: 2018-08-06
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/111546
title: SUSE SLES12 Security Update : glibc (SUSE-SU-2018:2185-1)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201804-02.NASL
description: The remote host is affected by the vulnerability described in GLSA-201804-02 (glibc: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details.
Impact : An attacker could possibly execute arbitrary code, escalate privileges, cause a Denial of Service condition, or have other unspecified impacts.
Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 108822
published: 2018-04-04
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/108822
title: GLSA-201804-02 : glibc: Multiple vulnerabilities

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2018-2187-1.NASL
description: This update for glibc fixes the following issues: Security issues fixed :
- CVE-2017-15804: Fix buffer overflow during unescaping of user names in the glob function in glob.c (bsc#1064580).
- CVE-2017-15670: Fix buffer overflow in glob with GLOB_TILDE (bsc#1064583).
- CVE-2017-15671: Fix memory leak in glob with GLOB_TILDE (bsc#1064569).
- CVE-2018-11236: Fix 32bit arch integer overflow in stdlib/canonicalize.c when processing very long pathname arguments (bsc#1094161).
- CVE-2017-12132: Reduce advertised EDNS0 buffer size to guard against fragmentation attacks (bsc#1051791).
- CVE-2018-1000001: Avoid underflow of malloced area (bsc#1074293).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 111547
published: 2018-08-06
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/111547
title: SUSE SLES12 Security Update : glibc (SUSE-SU-2018:2187-1)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2018-0074-1.NASL
description: This update for glibc fixes the following issues :
- A privilege escalation bug in the realpath() function has been fixed. [CVE-2018-1000001, bsc#1074293]
- A memory leak and a buffer overflow in the dynamic ELF loader has been fixed. [CVE-2017-1000408, CVE-2017-1000409, bsc#1071319]
- An issue in the code handling RPATHs was fixed that could have been exploited by an attacker to execute code loaded from arbitrary libraries. [CVE-2017-16997, bsc#1073231]
- A potential crash caused by a use-after-free bug in pthread_create() has been fixed. [bsc#1053188]
- A bug that prevented users to build shared objects which use the optimized libmvec.so API has been fixed. [bsc#1070905]
- A memory leak in the glob() function has been fixed. [CVE-2017-15670, CVE-2017-15671, CVE-2017-15804, bsc#1064569, bsc#1064580, bsc#1064583]
- A bug that would lose the syscall error code value in case of crashes has been fixed. [bsc#1063675]
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 106044
published: 2018-01-15
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/106044
title: SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2018:0074-1)