CVE-2019-19126 - Improper Initialization vulnerability in multiple products
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: LOW
Integrity impact: NONE
Availability impact: NONE
Summary
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
OS | | 3 |
OS | | 2 |
OS | | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging Race Conditions: This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file; the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
- Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions: This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Nessus
NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2020-0262-1.NASL
description: This update for glibc fixes the following issues : Security issue fixed : CVE-2019-19126: Fixed to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition (bsc#1157292). Bug fixes : Fixed z15 (s390x) strstr implementation that can return incorrect results if search string cross page boundary (bsc#1157893). Fixed Hardware support in toolchain (bsc#1151582). Fixed syscalls during early process initialization (SLE-8348). Fixed an array overflow in backtrace for PowerPC (bsc#1158996). Moved to posix_spawn on popen (bsc#1149332). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 133391
published: 2020-01-31
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/133391
title: SUSE SLED15 / SLES15 Security Update : glibc (SUSE-SU-2020:0262-1)
code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2020:0262-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(133391);
  script_version("1.2");
  script_cvs_date("Date: 2020/02/04");

  script_cve_id("CVE-2019-19126");

  script_name(english:"SUSE SLED15 / SLES15 Security Update : glibc (SUSE-SU-2020:0262-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for glibc fixes the following issues : Security issue fixed : CVE-2019-19126: Fixed to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition (bsc#1157292). Bug fixes : Fixed z15 (s390x) strstr implementation that can return incorrect results if search string cross page boundary (bsc#1157893). Fixed Hardware support in toolchain (bsc#1151582). Fixed syscalls during early process initialization (SLE-8348). Fixed an array overflow in backtrace for PowerPC (bsc#1158996). Moved to posix_spawn on popen (bsc#1149332). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1149332"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1151582"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1157292"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1157893"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=1158996"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2019-19126/"
  );
  # https://www.suse.com/support/update/announcement/2020/suse-su-20200262-1/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?d10ed510"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 : zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-262=1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 : zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-2020-262=1 SUSE Linux Enterprise Module for Development Tools 15-SP1 : zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2020-262=1 SUSE Linux Enterprise Module for Development Tools 15 : zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2020-262=1 SUSE Linux Enterprise Module for Basesystem 15-SP1 : zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-262=1 SUSE Linux Enterprise Module for Basesystem 15 : zypper in -t patch SUSE-SLE-Module-Basesystem-15-2020-262=1"
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-extra-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale-base-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-profile");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-utils-32bit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-utils-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-utils-src-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/01/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/31");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0/1", os_ver + " SP" + sp);
if (os_ver == "SLED15" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0/1", os_ver + " SP" + sp);

flag = 0;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"glibc-32bit-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"glibc-devel-static-32bit-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"glibc-locale-base-32bit-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"glibc-locale-base-32bit-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"glibc-profile-32bit-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"glibc-utils-32bit-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"glibc-utils-32bit-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"glibc-utils-src-debugsource-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"glibc-32bit-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"glibc-devel-32bit-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"glibc-devel-32bit-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"glibc-32bit-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"glibc-32bit-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"glibc-locale-base-32bit-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"glibc-locale-base-32bit-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"glibc-debugsource-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"glibc-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"glibc-debugsource-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"glibc-devel-static-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"glibc-utils-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"glibc-utils-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"glibc-utils-src-debugsource-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"glibc-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"glibc-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"glibc-debugsource-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"glibc-devel-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"glibc-devel-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"glibc-extra-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"glibc-extra-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"glibc-locale-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"glibc-locale-base-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"glibc-locale-base-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"glibc-profile-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"nscd-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"1", reference:"nscd-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"glibc-32bit-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"glibc-devel-32bit-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"glibc-devel-32bit-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"glibc-32bit-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"glibc-32bit-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"glibc-locale-base-32bit-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", cpu:"x86_64", reference:"glibc-locale-base-32bit-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"glibc-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"glibc-debugsource-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"glibc-devel-static-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"glibc-utils-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"glibc-utils-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"glibc-utils-src-debugsource-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"glibc-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"glibc-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"glibc-debugsource-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"glibc-devel-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"glibc-devel-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"glibc-extra-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"glibc-extra-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"glibc-locale-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"glibc-locale-base-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"glibc-locale-base-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"glibc-profile-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"nscd-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"nscd-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"glibc-32bit-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"glibc-devel-static-32bit-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"glibc-locale-base-32bit-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"glibc-locale-base-32bit-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"glibc-profile-32bit-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"glibc-utils-32bit-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"glibc-utils-32bit-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"glibc-utils-src-debugsource-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"glibc-32bit-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"glibc-devel-32bit-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"glibc-devel-32bit-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"glibc-32bit-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"glibc-32bit-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"glibc-locale-base-32bit-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"glibc-locale-base-32bit-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"glibc-debugsource-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"glibc-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"glibc-debugsource-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"glibc-devel-static-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"glibc-utils-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"glibc-utils-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"glibc-utils-src-debugsource-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"glibc-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"glibc-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"glibc-debugsource-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"glibc-devel-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"glibc-devel-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"glibc-extra-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"glibc-extra-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"glibc-locale-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"glibc-locale-base-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"glibc-locale-base-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"glibc-profile-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"nscd-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"1", reference:"nscd-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"glibc-32bit-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"glibc-devel-32bit-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"glibc-devel-32bit-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"glibc-32bit-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"glibc-32bit-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"glibc-locale-base-32bit-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", cpu:"x86_64", reference:"glibc-locale-base-32bit-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"glibc-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"glibc-debugsource-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"glibc-devel-static-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"glibc-utils-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"glibc-utils-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"glibc-utils-src-debugsource-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"glibc-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"glibc-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"glibc-debugsource-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"glibc-devel-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"glibc-devel-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"glibc-extra-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"glibc-extra-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"glibc-locale-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"glibc-locale-base-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"glibc-locale-base-debuginfo-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"glibc-profile-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"nscd-2.26-13.36.1")) flag++;
if (rpm_check(release:"SLED15", sp:"0", reference:"nscd-debuginfo-2.26-13.36.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
}
```

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2020-1007.NASL
description: According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
  - The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy. (CVE-2019-6488)
  - On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. (CVE-2019-19126)
  Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-03
modified: 2020-01-02
plugin id: 132600
published: 2020-01-02
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/132600
title: EulerOS 2.0 SP8 : glibc (EulerOS-SA-2020-1007)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2020-1041.NASL
description: According to the versions of the glibc packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :
  - In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. (CVE-2016-10739)
  - On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. (CVE-2019-19126)
  - The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy. (CVE-2019-6488)
  Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 132795
published: 2020-01-13
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/132795
title: EulerOS Virtualization for ARM 64 3.0.5.0 : glibc (EulerOS-SA-2020-1041)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2020-1828.NASL
description: The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1828 advisory.
  - glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries (CVE-2019-19126)
  Note that Nessus has not tested for this issue but has instead relied only on the application
last seen: 2020-05-03
modified: 2020-04-29
plugin id: 136118
published: 2020-04-29
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/136118
title: RHEL 8 : glibc (RHSA-2020:1828)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2020-1A3BDFDE17.NASL
description: This update fixes a minor security vulnerability ([`LD_PREFER_MAP_32BIT_EXEC` not ignored in setuid binaries](https://bugzilla.redhat.com/show_bug.cgi?id=1774682)) and addresses a long-standing bug where missing shared objects could cause crashes due to incorrectly handled `dlopen` failures (RHBZ#1395758). The latter fix also causes lazy binding failures in ELF constructors and destructors to result in process termination (the same effect that lazy binding failures have in other contexts), rather than leaving the process in an inconsistent state. Furthermore, various issues in the `utmp`/`utmpx` subsystem have been addressed. This update also includes various minor fixes from the glibc 2.30 upstream stable release branch. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 133112
published: 2020-01-21
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/133112
title: Fedora 31 : glibc (2020-1a3bdfde17)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2020-1229.NASL
description: According to the versions of the glibc packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :
  - In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. (CVE-2016-10739)
  - On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. (CVE-2019-19126)
  Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-19
modified: 2020-03-13
plugin id: 134518
published: 2020-03-13
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/134518
title: EulerOS Virtualization for ARM 64 3.0.2.0 : glibc (EulerOS-SA-2020-1229)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2020-C32E4B271C.NASL
description: This update incorporates fixes from the upstream glibc 2.29 stable release branch, including a fix for a minor security vulnerability ([`LD_PREFER_MAP_32BIT_EXEC` not ignored in setuid binaries](https://bugzilla.redhat.com/show_bug.cgi?id=1774682)). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 133512
published: 2020-02-06
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/133512
title: Fedora 30 : glibc (2020-c32e4b271c)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2020-1388.NASL
description: According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
  - In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by
last seen: 2020-05-06
modified: 2020-04-15
plugin id: 135517
published: 2020-04-15
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/135517
title: EulerOS 2.0 SP3 : glibc (EulerOS-SA-2020-1388)
References
- https://sourceware.org/bugzilla/show_bug.cgi?id=25204
- https://usn.ubuntu.com/4416-1/
- https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FQ5LC6JOYSOYFPRUZ4S45KL6IP3RPPZ/