Vulnerabilities > CVE-2017-15671 - Missing Release of Resource after Effective Lifetime vulnerability in GNU Glibc

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

gnu

CWE-772

nessus

NVD

Published: 2017-10-20

Updated: 2019-10-03

Summary

The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Glibc - GNU Glibc 0.1 GNU Glibc 0.4 GNU Glibc 0.4.1 GNU Glibc 0.5 GNU Glibc 0.6 GNU Glibc 1.00 GNU Glibc 1.01 GNU Glibc 1.02 GNU Glibc 1.03 GNU Glibc 1.04 GNU Glibc 1.05 GNU Glibc 1.06 GNU Glibc 1.06.1 GNU Glibc 1.06.2 GNU Glibc 1.06.3 GNU Glibc 1.06.4 GNU Glibc 1.06.6 GNU Glibc 1.06.7 GNU Glibc 1.06.8 GNU Glibc 1.06.9 GNU Glibc 1.06.10 GNU Glibc 1.06.11 GNU Glibc 1.06.12 GNU Glibc 1.06.13 GNU Glibc 1.07 GNU Glibc 1.07.1 GNU Glibc 1.07.2 GNU Glibc 1.07.3 GNU Glibc 1.07.4 GNU Glibc 1.07.5 GNU Glibc 1.07.6 GNU Glibc 1.08 GNU Glibc 1.08.1 GNU Glibc 1.08.3 GNU Glibc 1.08.4 GNU Glibc 1.08.5 GNU Glibc 1.08.6 GNU Glibc 1.08.7 GNU Glibc 1.08.8 GNU Glibc 1.08.9 GNU Glibc 1.08.10 GNU Glibc 1.08.11 GNU Glibc 1.08.12 GNU Glibc 1.08.13 GNU Glibc 1.08.14 GNU Glibc 1.09 GNU Glibc 1.09.1 GNU Glibc 1.09.2 GNU Glibc 1.09.3 GNU Glibc 1.09.5 GNU Glibc 2.0 GNU Glibc 2.0.1 GNU Glibc 2.0.2 GNU Glibc 2.0.3 GNU Glibc 2.0.4 GNU Glibc 2.0.5 GNU Glibc 2.0.6 GNU Glibc 2.1 GNU Glibc 2.1.1 GNU Glibc 2.1.1.6 GNU Glibc 2.1.2 GNU Glibc 2.1.3 GNU Glibc 2.1.3.10 GNU Glibc 2.1.9 GNU Glibc 2.2 GNU Glibc 2.2.1 GNU Glibc 2.2.2 GNU Glibc 2.2.3 GNU Glibc 2.2.4 GNU Glibc 2.2.5 GNU Glibc 2.3 GNU Glibc 2.3.1 GNU Glibc 2.3.2 GNU Glibc 2.3.3 GNU Glibc 2.3.4 GNU Glibc 2.3.5 GNU Glibc 2.3.6 GNU Glibc 2.3.10 GNU Glibc 2.4 GNU Glibc 2.5 GNU Glibc 2.5.1 GNU Glibc 2.6 GNU Glibc 2.6.1 GNU Glibc 2.7 GNU Glibc 2.8 GNU Glibc 2.9 GNU Glibc 2.10 GNU Glibc 2.10.1 GNU Glibc 2.10.2 GNU Glibc 2.11 GNU Glibc 2.11.1 GNU Glibc 2.11.2 GNU Glibc 2.11.3 GNU Glibc 2.12 GNU Glibc 2.12.0 GNU Glibc 2.12.1 GNU Glibc 2.12.2 GNU Glibc 2.13 GNU Glibc 2.14 GNU Glibc 2.14.1 GNU Glibc 2.15 GNU Glibc 2.16 GNU Glibc 2.17 GNU Glibc 2.18 GNU Glibc 2.19 GNU Glibc 2.20 GNU Glibc 2.21 GNU Glibc 2.22 GNU Glibc 2.23 GNU Glibc 2.24 GNU Glibc 2.25 GNU Glibc 2.26	120

Common Weakness Enumeration (CWE)

CWE-772 - Missing Release of Resource after Effective Lifetime

Common Attack Pattern Enumeration and Classification (CAPEC)

HTTP DoS
An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.

Nessus

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2018-30.NASL
description	This update for glibc fixes the following issues : - A privilege escalation bug in the realpath() function has been fixed. [CVE-2018-1000001, bsc#1074293] - A memory leak and a buffer overflow in the dynamic ELF loader has been fixed. [CVE-2017-1000408, CVE-2017-1000409, bsc#1071319] - An issue in the code handling RPATHs was fixed that could have been exploited by an attacker to execute code loaded from arbitrary libraries. [CVE-2017-16997, bsc#1073231] - A potential crash caused by a use-after-free bug in pthread_create() has been fixed. [bsc#1053188] - A bug that prevented users to build shared objects which use the optimized libmvec.so API has been fixed. [bsc#1070905] - A memory leak in the glob() function has been fixed. [CVE-2017-15670, CVE-2017-15671, CVE-2017-15804, bsc#1064569, bsc#1064580, bsc#1064583] - A bug that would lose the syscall error code value in case of crashes has been fixed. [bsc#1063675] This update was imported from the SUSE:SLE-12-SP2:Update update project.
last seen	2020-06-05
modified	2018-01-16
plugin id	106059
published	2018-01-16
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/106059
title	openSUSE Security Update : glibc (openSUSE-2018-30)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2018-30. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(106059); script_version("3.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2017-1000408", "CVE-2017-1000409", "CVE-2017-15670", "CVE-2017-15671", "CVE-2017-15804", "CVE-2017-16997", "CVE-2018-1000001"); script_name(english:"openSUSE Security Update : glibc (openSUSE-2018-30)"); script_summary(english:"Check for the openSUSE-2018-30 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for glibc fixes the following issues : - A privilege escalation bug in the realpath() function has been fixed. [CVE-2018-1000001, bsc#1074293] - A memory leak and a buffer overflow in the dynamic ELF loader has been fixed. [CVE-2017-1000408, CVE-2017-1000409, bsc#1071319] - An issue in the code handling RPATHs was fixed that could have been exploited by an attacker to execute code loaded from arbitrary libraries. [CVE-2017-16997, bsc#1073231] - A potential crash caused by a use-after-free bug in pthread_create() has been fixed. [bsc#1053188] - A bug that prevented users to build shared objects which use the optimized libmvec.so API has been fixed. [bsc#1070905] - A memory leak in the glob() function has been fixed. [CVE-2017-15670, CVE-2017-15671, CVE-2017-15804, bsc#1064569, bsc#1064580, bsc#1064583] - A bug that would lose the syscall error code value in case of crashes has been fixed. [bsc#1063675] This update was imported from the SUSE:SLE-12-SP2:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051042" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053188" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1063675" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064569" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064580" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1064583" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1070905" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1071319" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1073231" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1074293" ); script_set_attribute( attribute:"solution", value:"Update the affected glibc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'glibc "realpath()" Privilege Escalation'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-devel-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-devel-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-devel-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-devel-static-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-extra"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-extra-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-i18ndata"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-info"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-locale"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-locale-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-locale-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-locale-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-obsolete"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-obsolete-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-profile"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-profile-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-utils-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-utils-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-utils-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-utils-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nscd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nscd-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2018/01/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release =~ "^(SLED\|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.2\|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586\|i686\|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.2", reference:"glibc-2.22-4.12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"glibc-debuginfo-2.22-4.12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"glibc-debugsource-2.22-4.12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"glibc-devel-2.22-4.12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"glibc-devel-debuginfo-2.22-4.12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"glibc-devel-static-2.22-4.12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"glibc-extra-2.22-4.12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"glibc-extra-debuginfo-2.22-4.12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"glibc-html-2.22-4.12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"glibc-i18ndata-2.22-4.12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"glibc-info-2.22-4.12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"glibc-locale-2.22-4.12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"glibc-locale-debuginfo-2.22-4.12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"glibc-obsolete-2.22-4.12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"glibc-obsolete-debuginfo-2.22-4.12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"glibc-profile-2.22-4.12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"glibc-utils-2.22-4.12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"glibc-utils-debuginfo-2.22-4.12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"glibc-utils-debugsource-2.22-4.12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"nscd-2.22-4.12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"nscd-debuginfo-2.22-4.12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"glibc-utils-32bit-2.22-4.12.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"glibc-utils-debuginfo-32bit-2.22-4.12.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"glibc-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"glibc-debuginfo-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"glibc-debugsource-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"glibc-devel-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"glibc-devel-debuginfo-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"glibc-devel-static-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"glibc-extra-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"glibc-extra-debuginfo-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"glibc-html-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"glibc-i18ndata-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"glibc-info-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"glibc-locale-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"glibc-locale-debuginfo-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"glibc-obsolete-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"glibc-obsolete-debuginfo-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"glibc-profile-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"glibc-utils-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"glibc-utils-debuginfo-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"glibc-utils-debugsource-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"nscd-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"nscd-debuginfo-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"glibc-32bit-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"glibc-debuginfo-32bit-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"glibc-devel-32bit-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"glibc-devel-debuginfo-32bit-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"glibc-devel-static-32bit-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"glibc-locale-32bit-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"glibc-locale-debuginfo-32bit-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"glibc-profile-32bit-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"glibc-utils-32bit-2.22-10.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"glibc-utils-debuginfo-32bit-2.22-10.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc-utils / glibc-utils-32bit / glibc-utils-debuginfo / etc"); }

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2018-2_0-0060.NASL
description	An update of {'libtiff', 'glibc', 'libsoup'} packages of Photon OS has been released.
last seen	2019-02-21
modified	2019-02-07
plugin id	111309
published	2018-07-24
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=111309
title	Photon OS 2.0 : libtiff / glibc / libsoup (PhotonOS-PHSA-2018-2.0-0060) (deprecated)
code	# # (C) Tenable Network Security, Inc. # # @DEPRECATED@ # # Disabled on 2/7/2019 # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2018-2.0-0060. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(111309); script_version("1.2"); script_cvs_date("Date: 2019/02/07 18:59:51"); script_cve_id("CVE-2017-2885", "CVE-2017-15671", "CVE-2018-10963"); script_bugtraq_id(101517, 100258); script_name(english:"Photon OS 2.0 : libtiff / glibc / libsoup (PhotonOS-PHSA-2018-2.0-0060) (deprecated)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "This plugin has been deprecated."); script_set_attribute(attribute:"description", value: "An update of {'libtiff', 'glibc', 'libsoup'} packages of Photon OS has been released."); # https://github.com/vmware/photon/wiki/Security-Updates-2-60 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1020fda6"); script_set_attribute(attribute:"solution", value:"n/a."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-2885"); script_set_attribute(attribute:"patch_publication_date", value:"2018/06/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libtiff"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:glibc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:libsoup"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } exit(0, "This plugin has been deprecated."); include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) \|\| release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux\|OS) 2\.0(\D\|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; pkgs = [ "glibc-2.26-11.ph2", "glibc-debuginfo-2.26-11.ph2", "glibc-devel-2.26-11.ph2", "glibc-i18n-2.26-11.ph2", "glibc-iconv-2.26-11.ph2", "glibc-lang-2.26-11.ph2", "glibc-nscd-2.26-11.ph2", "glibc-tools-2.26-11.ph2", "libsoup-2.57.1-3.ph2", "libsoup-debuginfo-2.57.1-3.ph2", "libsoup-devel-2.57.1-3.ph2", "libsoup-doc-2.57.1-3.ph2", "libsoup-lang-2.57.1-3.ph2", "libtiff-4.0.9-6.ph2", "libtiff-debuginfo-4.0.9-6.ph2", "libtiff-devel-4.0.9-6.ph2" ]; foreach (pkg in pkgs) if (rpm_check(release:"PhotonOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtiff / glibc / libsoup"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2018-8E27AD96ED.NASL
description	This update addresses two security vulnerabilities : - CVE-2017-15670, CVE-2017-15671, CVE-2017-15804: Various vulnerabilities could lead to memory corruption in the `glob` and `glob64` function. (RHBZ#1505298, RHBZ##1504807) - CVE-2017-16997: Check for empty tokens before dynamic string token expansion in the dynamic linker, so that pre-existing privileged programs with `$ORIGIN` rpaths/runpaths do not cause the dynamic linker to search the current directory, potentially leading to privilege escalation. (RHBZ#1526866). - CVE-2018-1000001: `getcwd` would sometimes return a non-absolute path, confusing the `realpath` function, leading to privilege escalation in conjunction with user namespaces. (RHBZ#1533837) In addition, this update replaces the dynamic linker trampoline on x86-64 with a version which uses the `XSAVE` instruction if it is available. This improves compatibility with future hardware and compilers which do not follow the x86-64 ABI. This update also adjusts the thread stack size accounting to provide additional stack space compared to previous glibc versions (to avoid introducing RHBZ#1527887). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2018-01-24
plugin id	106281
published	2018-01-24
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/106281
title	Fedora 26 : glibc (2018-8e27ad96ed)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-4067-1.NASL
description	This update for glibc fixes the following issues : Security issue fixed : CVE-2017-15671: Fixed memory leak in glob with GLOB_TILDE (bsc#1064569, BZ #22325). Non-security issue fixed: Avoid access beyond memory bounds in pthread_attr_getaffinity_np (bsc#1110170, BZ #15618). Remove improper assert in dlclose (bsc#1110174, BZ #11941). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-04-30
modified	2018-12-11
plugin id	119579
published	2018-12-11
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/119579
title	SUSE SLES11 Security Update : Recommended update for glibc (SUSE-SU-2018:4067-1)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2017-0D3FDD3D1F.NASL
description	This update adds support for the IBM858 codepage (RHBZ#1416405). It moves the `nss_compat` NSS service module to the main glibc package (RHBZ#1400538). As a security hardening measure, stdio streams are no longer flushed on process abort/assertion failure (RHBZ#1498880). `/var/db/Makefile` is now included in the `nss_db` package (RHBZ#1498900). Fixes installation related failures for IBM z Series (RHBZ#1499260). Two security fixes for the `glob` function are provided (CVE-2017-15670, CVE-2017-15671, RHBZ#1504807). An error in the `sysconf` function which caused it to return -1 for `_SC_IOV_MAX` has been corrected (RHBZ#1504165). The included upstream update from the glibc 2.26 stable branch improves C++ compatibility for ` <math.h>` functions and fixes a memory leak in malloc when thread local caches are in use. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2018-01-15
plugin id	105814
published	2018-01-15
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/105814
title	Fedora 27 : glibc (2017-0d3fdd3d1f)

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2018-2_0-0060_GLIBC.NASL
description	An update of the glibc package has been released.
last seen	2020-03-17
modified	2019-02-07
plugin id	121956
published	2019-02-07
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/121956
title	Photon OS 2.0: Glibc PHSA-2018-2.0-0060

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-2185-1.NASL
description	This update for glibc fixes the following issues: Security issues fixed : - CVE-2017-15804: Fix buffer overflow during unescaping of user names in the glob function in glob.c (bsc#1064580). - CVE-2017-15670: Fix buffer overflow in glob with GLOB_TILDE (bsc#1064583). - CVE-2017-15671: Fix memory leak in glob with GLOB_TILDE (bsc#1064569). - CVE-2018-11236: Fix 32bit arch integer overflow in stdlib/canonicalize.c when processing very long pathname arguments (bsc#1094161). - CVE-2017-12132: Reduce advertised EDNS0 buffer size to guard against fragmentation attacks (bsc#1051791). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	111546
published	2018-08-06
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/111546
title	SUSE SLES12 Security Update : glibc (SUSE-SU-2018:2185-1)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201804-02.NASL
description	The remote host is affected by the vulnerability described in GLSA-201804-02 (glibc: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly execute arbitrary code, escalate privileges, cause a Denial of Service condition, or have other unspecified impacts. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	108822
published	2018-04-04
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/108822
title	GLSA-201804-02 : glibc: Multiple vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-2187-1.NASL
description	This update for glibc fixes the following issues: Security issues fixed : - CVE-2017-15804: Fix buffer overflow during unescaping of user names in the glob function in glob.c (bsc#1064580). - CVE-2017-15670: Fix buffer overflow in glob with GLOB_TILDE (bsc#1064583). - CVE-2017-15671: Fix memory leak in glob with GLOB_TILDE (bsc#1064569). - CVE-2018-11236: Fix 32bit arch integer overflow in stdlib/canonicalize.c when processing very long pathname arguments (bsc#1094161). - CVE-2017-12132: Reduce advertised EDNS0 buffer size to guard against fragmentation attacks (bsc#1051791). - CVE-2018-1000001: Avoid underflow of malloced area (bsc#1074293). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	111547
published	2018-08-06
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/111547
title	SUSE SLES12 Security Update : glibc (SUSE-SU-2018:2187-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2018-0074-1.NASL
description	This update for glibc fixes the following issues : - A privilege escalation bug in the realpath() function has been fixed. [CVE-2018-1000001, bsc#1074293] - A memory leak and a buffer overflow in the dynamic ELF loader has been fixed. [CVE-2017-1000408, CVE-2017-1000409, bsc#1071319] - An issue in the code handling RPATHs was fixed that could have been exploited by an attacker to execute code loaded from arbitrary libraries. [CVE-2017-16997, bsc#1073231] - A potential crash caused by a use-after-free bug in pthread_create() has been fixed. [bsc#1053188] - A bug that prevented users to build shared objects which use the optimized libmvec.so API has been fixed. [bsc#1070905] - A memory leak in the glob() function has been fixed. [CVE-2017-15670, CVE-2017-15671, CVE-2017-15804, bsc#1064569, bsc#1064580, bsc#1064583] - A bug that would lose the syscall error code value in case of crashes has been fixed. [bsc#1063675] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	106044
published	2018-01-15
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/106044
title	SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2018:0074-1)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

References