Vulnerabilities > CVE-2019-9169 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
gnu
netapp
mcafee
canonical
CWE-125
critical
nessus

Summary

In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.

Vulnerable Configurations

Part Description Count
Application
Gnu
126
Application
Netapp
3
Application
Mcafee
35
OS
Canonical
3

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1958-2.NASL
    descriptionThis update for glibc fixes the following issues : Security issues fixed : CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223). Non-security issues fixed: Added cfi information for start routines in order to stop unwinding on S390 (bsc#1128574). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128018
    published2019-08-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128018
    titleSUSE SLES12 Security Update : glibc (SUSE-SU-2019:1958-2)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:1958-2.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128018);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id("CVE-2009-5155", "CVE-2019-9169");
    
      script_name(english:"SUSE SLES12 Security Update : glibc (SUSE-SU-2019:1958-2)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for glibc fixes the following issues :
    
    Security issues fixed :
    
    CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted
    case-insensitive regular-expression match (bsc#1127308).
    
    CVE-2009-5155: Fixed a denial of service in parse_reg_exp()
    (bsc#1127223).
    
    Non-security issues fixed: Added cfi information for start routines in
    order to stop unwinding on S390 (bsc#1128574).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127223"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127308"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128574"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2009-5155/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9169/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20191958-2/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?15c3af21"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE OpenStack Cloud Crowbar 8:zypper in -t patch
    SUSE-OpenStack-Cloud-Crowbar-8-2019-1958=1
    
    SUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2019-1958=1
    
    SUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-BCL-2019-1958=1
    
    SUSE Enterprise Storage 5:zypper in -t patch
    SUSE-Storage-5-2019-1958=1
    
    HPE Helion Openstack 8:zypper in -t patch
    HPE-Helion-OpenStack-8-2019-1958=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-profile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"glibc-2.22-62.22.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"glibc-32bit-2.22-62.22.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"glibc-debuginfo-2.22-62.22.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"glibc-debuginfo-32bit-2.22-62.22.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"glibc-debugsource-2.22-62.22.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"glibc-devel-2.22-62.22.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"glibc-devel-32bit-2.22-62.22.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"glibc-devel-debuginfo-2.22-62.22.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"glibc-devel-debuginfo-32bit-2.22-62.22.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"glibc-locale-2.22-62.22.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"glibc-locale-32bit-2.22-62.22.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"glibc-locale-debuginfo-2.22-62.22.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"glibc-locale-debuginfo-32bit-2.22-62.22.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"glibc-profile-2.22-62.22.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"glibc-profile-32bit-2.22-62.22.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"nscd-2.22-62.22.5")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"nscd-debuginfo-2.22-62.22.5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2030.NASL
    descriptionAccording to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.(CVE-2016-4429) - Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.(CVE-2015-8982) - The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.(CVE-2014-4043) - res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).(CVE-2015-5180) - A buffer overflow has been discovered in the GNU C Library (aka glibc or libc6) in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code.(CVE-2018-11237) - In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.(CVE-2019-9169) - The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.(CVE-2016-10228) - The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.(CVE-2017-12132) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-24
    plugin id129223
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129223
    titleEulerOS 2.0 SP3 : glibc (EulerOS-SA-2019-2030)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(129223);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2014-4043",
        "CVE-2015-5180",
        "CVE-2015-8982",
        "CVE-2016-10228",
        "CVE-2016-4429",
        "CVE-2017-12132",
        "CVE-2018-11237",
        "CVE-2019-9169"
      );
      script_bugtraq_id(
        68006
      );
    
      script_name(english:"EulerOS 2.0 SP3 : glibc (EulerOS-SA-2019-2030)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the glibc packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - Stack-based buffer overflow in the clntudp_call
        function in sunrpc/clnt_udp.c in the GNU C Library (aka
        glibc or libc6) allows remote servers to cause a denial
        of service (crash) or possibly unspecified other impact
        via a flood of crafted ICMP and UDP
        packets.(CVE-2016-4429)
    
      - Integer overflow in the strxfrm function in the GNU C
        Library (aka glibc or libc6) before 2.21 allows
        context-dependent attackers to cause a denial of
        service (crash) or possibly execute arbitrary code via
        a long string, which triggers a stack-based buffer
        overflow.(CVE-2015-8982)
    
      - The posix_spawn_file_actions_addopen function in glibc
        before 2.20 does not copy its path argument in
        accordance with the POSIX specification, which allows
        context-dependent attackers to trigger use-after-free
        vulnerabilities.(CVE-2014-4043)
    
      - res_query in libresolv in glibc before 2.25 allows
        remote attackers to cause a denial of service (NULL
        pointer dereference and process crash).(CVE-2015-5180)
    
      - A buffer overflow has been discovered in the GNU C
        Library (aka glibc or libc6) in the
        __mempcpy_avx512_no_vzeroupper function when particular
        conditions are met. An attacker could use this
        vulnerability to cause a denial of service or
        potentially execute code.(CVE-2018-11237)
    
      - In the GNU C Library (aka glibc or libc6) through 2.29,
        proceed_next_node in posix/regexec.c has a heap-based
        buffer over-read via an attempted case-insensitive
        regular-expression match.(CVE-2019-9169)
    
      - The iconv program in the GNU C Library (aka glibc or
        libc6) 2.25 and earlier, when invoked with the -c
        option, enters an infinite loop when processing invalid
        multi-byte input sequences, leading to a denial of
        service.(CVE-2016-10228)
    
      - The DNS stub resolver in the GNU C Library (aka glibc
        or libc6) before version 2.26, when EDNS support is
        enabled, will solicit large UDP responses from name
        servers, potentially simplifying off-path DNS spoofing
        attacks due to IP fragmentation.(CVE-2017-12132)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2030
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7ebae79a");
      script_set_attribute(attribute:"solution", value:
    "Update the affected glibc packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9169");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/24");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["glibc-2.17-196.h27",
            "glibc-common-2.17-196.h27",
            "glibc-devel-2.17-196.h27",
            "glibc-headers-2.17-196.h27",
            "glibc-static-2.17-196.h27",
            "glibc-utils-2.17-196.h27",
            "nscd-2.17-196.h27"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1111.NASL
    descriptionAccording to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.(CVE-2009-5155) - In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.(CVE-2019-9169) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-04-02
    plugin id123585
    published2019-04-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123585
    titleEulerOS 2.0 SP2 : glibc (EulerOS-SA-2019-1111)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123585);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2009-5155",
        "CVE-2019-9169"
      );
    
      script_name(english:"EulerOS 2.0 SP2 : glibc (EulerOS-SA-2019-1111)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the glibc packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - In the GNU C Library (aka glibc or libc6) before 2.28,
        parse_reg_exp in posix/regcomp.c misparses
        alternatives, which allows attackers to cause a denial
        of service (assertion failure and application exit) or
        trigger an incorrect result by attempting a
        regular-expression match.(CVE-2009-5155)
    
      - In the GNU C Library (aka glibc or libc6) through 2.29,
        proceed_next_node in posix/regexec.c has a heap-based
        buffer over-read via an attempted case-insensitive
        regular-expression match.(CVE-2019-9169)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1111
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4b1285a1");
      script_set_attribute(attribute:"solution", value:
    "Update the affected glibc packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/02");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-utils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["glibc-2.17-111.h34",
            "glibc-common-2.17-111.h34",
            "glibc-devel-2.17-111.h34",
            "glibc-headers-2.17-111.h34",
            "glibc-static-2.17-111.h34",
            "glibc-utils-2.17-111.h34",
            "nscd-2.17-111.h34"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1260.NASL
    descriptionAccording to the version of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.(CVE-2019-9169) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id123728
    published2019-04-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123728
    titleEulerOS Virtualization 2.5.3 : glibc (EulerOS-SA-2019-1260)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123728);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/27");
    
      script_cve_id(
        "CVE-2019-9169"
      );
    
      script_name(english:"EulerOS Virtualization 2.5.3 : glibc (EulerOS-SA-2019-1260)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the glibc packages installed, the EulerOS
    Virtualization installation on the remote host is affected by the
    following vulnerability :
    
      - In the GNU C Library (aka glibc or libc6) through 2.29,
        proceed_next_node in posix/regexec.c has a heap-based
        buffer over-read via an attempted case-insensitive
        regular-expression match.(CVE-2019-9169)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1260
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?de60fc43");
      script_set_attribute(attribute:"solution", value:
    "Update the affected glibc package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/04");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.3");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "2.5.3") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.3");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["glibc-2.17-196.h33",
            "glibc-common-2.17-196.h33",
            "glibc-devel-2.17-196.h33",
            "glibc-headers-2.17-196.h33",
            "nscd-2.17-196.h33"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1102-1.NASL
    descriptionThis update for glibc fixes the following issues : Security issues fixed : CVE-2019-9169: regex: fix read overrun (bsc#1127308, BZ #24114) CVE-2016-10739: Fully parse IPv4 address strings (bsc#1122729, BZ #20018) CVE-2009-5155: ERE
    last seen2020-06-01
    modified2020-06-02
    plugin id124451
    published2019-05-01
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124451
    titleSUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2019:1102-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:1102-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124451);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/21");
    
      script_cve_id("CVE-2009-5155", "CVE-2016-10739", "CVE-2019-9169");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2019:1102-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for glibc fixes the following issues :
    
    Security issues fixed :
    
    CVE-2019-9169: regex: fix read overrun (bsc#1127308, BZ #24114)
    
    CVE-2016-10739: Fully parse IPv4 address strings (bsc#1122729, BZ
    #20018)
    
    CVE-2009-5155: ERE '0|()0|\1|0' causes regexec undefined behavior
    (bsc#1127223, BZ #18986)
    
    Non-security issues fixed: Enable TLE only if GLIBC_ELISION_ENABLE=yes
    is defined (bsc#1131994, fate#322271)
    
    Add more checks for valid ld.so.cache file (bsc#1110661, BZ #18093)
    
    Added cfi information for start routines in order to stop unwinding
    (bsc#1128574)
    
    ja_JP locale: Add entry for the new Japanese era (bsc#1100396,
    fate#325570, BZ #22964)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1100396"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1110661"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122729"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127223"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127308"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128574"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131994"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2009-5155/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10739/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9169/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20191102-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?894a9df5"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t
    patch SUSE-SLE-SDK-12-SP4-2019-1102=1
    
    SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
    SUSE-SLE-SERVER-12-SP4-2019-1102=1
    
    SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP4-2019-1102=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-profile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP4", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"4", reference:"glibc-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"glibc-debuginfo-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"glibc-debugsource-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"glibc-devel-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"glibc-devel-debuginfo-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"glibc-locale-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"glibc-locale-debuginfo-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"glibc-profile-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"nscd-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"nscd-debuginfo-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"glibc-32bit-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"glibc-debuginfo-32bit-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"glibc-devel-32bit-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"glibc-devel-debuginfo-32bit-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"glibc-locale-32bit-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"glibc-locale-debuginfo-32bit-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"glibc-profile-32bit-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"glibc-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"glibc-32bit-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"glibc-debuginfo-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"glibc-debuginfo-32bit-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"glibc-debugsource-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"glibc-devel-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"glibc-devel-32bit-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"glibc-devel-debuginfo-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"glibc-devel-debuginfo-32bit-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"glibc-locale-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"glibc-locale-32bit-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"glibc-locale-debuginfo-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"glibc-locale-debuginfo-32bit-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"nscd-2.22-100.8.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"nscd-debuginfo-2.22-100.8.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-14084-1.NASL
    descriptionThis update for glibc fixes the following issues : Security issue fixed : CVE-2019-9169: Fixed heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125984
    published2019-06-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125984
    titleSUSE SLES11 Security Update : glibc (SUSE-SU-2019:14084-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:14084-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125984);
      script_version("1.2");
      script_cvs_date("Date: 2019/06/18 13:15:16");
    
      script_cve_id("CVE-2019-9169");
    
      script_name(english:"SUSE SLES11 Security Update : glibc (SUSE-SU-2019:14084-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for glibc fixes the following issues :
    
    Security issue fixed :
    
    CVE-2019-9169: Fixed heap-based buffer over-read via an attempted
    case-insensitive regular-expression match (bsc#1127308).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1127308"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-9169/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-201914084-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?876e23a3"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11-SP4-LTSS:zypper in -t patch
    slessp4-glibc-14084=1
    
    SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch
    sleposp3-glibc-14084=1
    
    SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
    dbgsp4-glibc-14084=1
    
    SUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch
    dbgsp3-glibc-14084=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-i18ndata");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-info");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-locale");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glibc-profile");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    # Temp Disable
    exit(0, "This plugin has been temporarily disabled.");
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! ereg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"glibc-32bit-2.11.3-17.110.33.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"glibc-devel-32bit-2.11.3-17.110.33.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"glibc-locale-32bit-2.11.3-17.110.33.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"glibc-profile-32bit-2.11.3-17.110.33.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"glibc-2.11.3-17.110.33.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"glibc-devel-2.11.3-17.110.33.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"glibc-html-2.11.3-17.110.33.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"glibc-i18ndata-2.11.3-17.110.33.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"glibc-info-2.11.3-17.110.33.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"glibc-locale-2.11.3-17.110.33.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"glibc-profile-2.11.3-17.110.33.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"nscd-2.11.3-17.110.33.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1552.NASL
    descriptionAccording to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents). A local attacker could potentially use this flaw to execute arbitrary code on the system.(CVE-2015-5277) - A directory traveral flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application.(CVE-2014-0475) - It was found that out-of-range time values passed to the strftime() function could result in an out-of-bounds memory access. This could lead to application crash or, potentially, information disclosure.(CVE-2015-8776) - The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.(CVE-2017-15670) - The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.(CVE-2013-4788) - An out-of-bounds read flaw was found in the way glibc
    last seen2020-06-01
    modified2020-06-02
    plugin id125005
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125005
    titleEulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1552)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125005);
      script_version("1.5");
      script_cvs_date("Date: 2020/01/17");
    
      script_cve_id(
        "CVE-2012-4412",
        "CVE-2013-1914",
        "CVE-2013-4237",
        "CVE-2013-4788",
        "CVE-2013-7423",
        "CVE-2014-0475",
        "CVE-2014-6040",
        "CVE-2014-9402",
        "CVE-2014-9761",
        "CVE-2015-1472",
        "CVE-2015-1781",
        "CVE-2015-5277",
        "CVE-2015-8776",
        "CVE-2016-3075",
        "CVE-2017-15670",
        "CVE-2019-9169"
      );
      script_bugtraq_id(
        55462,
        58839,
        61183,
        61729,
        68505,
        69472,
        71670,
        72428,
        72498,
        72844,
        74255
      );
    
      script_name(english:"EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1552)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the glibc packages installed, the
    EulerOS Virtualization installation on the remote host is affected by
    the following vulnerabilities :
    
      - It was discovered that the nss_files backend for the
        Name Service Switch in glibc would return incorrect
        data to applications or corrupt the heap (depending on
        adjacent heap contents). A local attacker could
        potentially use this flaw to execute arbitrary code on
        the system.(CVE-2015-5277)
    
      - A directory traveral flaw was found in the way glibc
        loaded locale files. An attacker able to make an
        application use a specially crafted locale name value
        (for example, specified in an LC_* environment
        variable) could possibly use this flaw to execute
        arbitrary code with the privileges of that
        application.(CVE-2014-0475)
    
      - It was found that out-of-range time values passed to
        the strftime() function could result in an
        out-of-bounds memory access. This could lead to
        application crash or, potentially, information
        disclosure.(CVE-2015-8776)
    
      - The GNU C Library (aka glibc or libc6) before 2.27
        contains an off-by-one error leading to a heap-based
        buffer overflow in the glob function in glob.c, related
        to the processing of home directories using the ~
        operator followed by a long string.(CVE-2017-15670)
    
      - The PTR_MANGLE implementation in the GNU C Library (aka
        glibc or libc6) 2.4, 2.17, and earlier, and Embedded
        GLIBC (EGLIBC) does not initialize the random value for
        the pointer guard, which makes it easier for
        context-dependent attackers to control execution flow
        by leveraging a buffer-overflow vulnerability in an
        application and using the known zero value pointer
        guard to calculate a pointer address.(CVE-2013-4788)
    
      - An out-of-bounds read flaw was found in the way glibc's
        iconv() function converted certain encoded data to
        UTF-8. An attacker able to make an application call the
        iconv() function with a specially crafted argument
        could use this flaw to crash that
        application.(CVE-2014-6040)
    
      - A stack overflow vulnerability was found in
        _nss_dns_getnetbyname_r. On systems with nsswitch
        configured to include ''networks: dns'' with a
        privileged or network-facing service that would attempt
        to resolve user-provided network names, an attacker
        could provide an excessively long network name,
        resulting in stack corruption and code
        execution.(CVE-2016-3075)
    
      - Integer overflow in string/strcoll_l.c in the GNU C
        Library (aka glibc or libc6) 2.17 and earlier allows
        context-dependent attackers to cause a denial of
        service (crash) or possibly execute arbitrary code via
        a long string, which triggers a heap-based buffer
        overflow.(CVE-2012-4412)
    
      - A heap-based buffer overflow flaw was found in glibc's
        swscanf() function. An attacker able to make an
        application call the swscanf() function could use this
        flaw to crash that application or, potentially, execute
        arbitrary code with the permissions of the user running
        the application.(CVE-2015-1472)
    
      - It was found that getaddrinfo() did not limit the
        amount of stack memory used during name resolution. An
        attacker able to make an application resolve an
        attacker-controlled hostname or IP address could
        possibly cause the application to exhaust all stack
        memory and crash.(CVE-2013-1914)
    
      - A stack overflow vulnerability was found in nan*
        functions that could cause applications, which process
        long strings with the nan function, to crash or,
        potentially, execute arbitrary code.(CVE-2014-9761)
    
      - An out-of-bounds write flaw was found in the way the
        glibc's readdir_r() function handled file system
        entries longer than the NAME_MAX character constant. A
        remote attacker could provide a specially crafted NTFS
        or CIFS file system that, when processed by an
        application using readdir_r(), would cause that
        application to crash or, potentially, allow the
        attacker to execute arbitrary code with the privileges
        of the user running the application.(CVE-2013-4237)
    
      - It was discovered that, under certain circumstances,
        glibc's getaddrinfo() function would send DNS queries
        to random file descriptors. An attacker could
        potentially use this flaw to send DNS queries to
        unintended recipients, resulting in information
        disclosure or data loss due to the application
        encountering corrupted data.(CVE-2013-7423)
    
      - A buffer overflow flaw was found in the way glibc's
        gethostbyname_r() and other related functions computed
        the size of a buffer when passed a misaligned buffer as
        input. An attacker able to make an application call any
        of these functions with a misaligned buffer could use
        this flaw to crash the application or, potentially,
        execute arbitrary code with the permissions of the user
        running the application.(CVE-2015-1781)
    
      - The nss_dns implementation of getnetbyname in GNU C
        Library (aka glibc) before 2.21, when the DNS backend
        in the Name Service Switch configuration is enabled,
        allows remote attackers to cause a denial of service
        (infinite loop) by sending a positive answer while a
        network name is being process.(CVE-2014-9402)
    
      - In the GNU C Library (aka glibc or libc6) through 2.29,
        proceed_next_node in posix/regexec.c has a heap-based
        buffer over-read via an attempted case-insensitive
        regular-expression match.(CVE-2019-9169)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1552
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ad6abb72");
      script_set_attribute(attribute:"solution", value:
    "Update the affected glibc packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:ND");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-9169");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nscd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["glibc-2.17-222.h11",
            "glibc-common-2.17-222.h11",
            "glibc-devel-2.17-222.h11",
            "glibc-headers-2.17-222.h11",
            "nscd-2.17-222.h11"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1877-1.NASL
    descriptionThis update for glibc fixes the following issues : Security issues fixed : CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223). Non-security issues fixed: Does no longer compress debug sections in crt*.o files (bsc#1123710) Fixes a concurrency problem in ldconfig (bsc#1117993) Fixes a race condition in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126812
    published2019-07-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126812
    titleSUSE SLED15 / SLES15 Security Update : glibc (SUSE-SU-2019:1877-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1958-1.NASL
    descriptionThis update for glibc fixes the following issues : Security issues fixed : CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223). Non-security issues fixed: Added cfi information for start routines in order to stop unwinding on S390 (bsc#1128574). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126986
    published2019-07-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126986
    titleSUSE SLES12 Security Update : glibc (SUSE-SU-2019:1958-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1798.NASL
    descriptionThis update for glibc fixes the following issues : Security issues fixed : - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). - CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223). Non-security issues fixed : - Does no longer compress debug sections in crt*.o files (bsc#1123710) - Fixes a concurrency problem in ldconfig (bsc#1117993) - Fixes a race condition in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id127035
    published2019-07-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127035
    titleopenSUSE Security Update : glibc (openSUSE-2019-1798)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1135.NASL
    descriptionAccording to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.(CVE-2009-5155) - In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.(CVE-2019-9169) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2019-04-02
    plugin id123609
    published2019-04-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123609
    titleEulerOS 2.0 SP5 : glibc (EulerOS-SA-2019-1135)