7.8 - DSA-3169

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	eglibc security update

Informations
Name	DSA-3169	First vendor Publication	2015-02-23
Vendor	Debian	Last vendor Modification	2015-02-23
Severity (Vendor)	N/A	Revision	1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score	7.8	Attack Range	Network
Cvss Impact Score	6.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library:

CVE-2012-3406 The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.

CVE-2013-7424 An invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support.

CVE-2014-4043 The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.

CVE-2014-9402 The getnetbyname function in glibc 2.21 in earlier will enter an infinite loop if the DNS backend is activated in the system Name Service Switch configuration, and the DNS resolver receives a positive answer while processing the network name.

CVE-2015-1472 CVE-2015-1473 Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer. The incorrect use of "__libc_use_alloca (newsize)" caused a different (and weaker) policy to be enforced which could allow a denial of service attack.

For the unstable distribution (sid), all the above issues are fixed in version 2.19-15 of the glibc package.

We recommend that you upgrade your eglibc packages.

Original Source

Url : http://www.debian.org/security/2015/dsa-3169

CWE : Common Weakness Enumeration

%	Id	Name
25 %	CWE-189	Numeric Errors (CWE/SANS Top 25)
25 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
12 %	CWE-399	Resource Management Errors
12 %	CWE-264	Permissions, Privileges, and Access Controls
12 %	CWE-94	Failure to Control Generation of Code ('Code Injection')
12 %	CWE-17	Code

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21252

Oval ID:	oval:org.mitre.oval:def:21252
Title:	RHSA-2012:1098: glibc security and bug fix update (Moderate)
Description:	The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
Family:	unix	Class:	patch
Reference(s):	RHSA-2012:1098-01 CESA-2012:1098 CVE-2012-3404 CVE-2012-3405 CVE-2012-3406	Version:	28
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	glibc
Definition Synopsis:
Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x Packages section glibc-devel is earlier than 0:2.12-1.80.el6_3.3 AND glibc-utils is earlier than 0:2.12-1.80.el6_3.3 AND glibc is earlier than 0:2.12-1.80.el6_3.3 AND nscd is earlier than 0:2.12-1.80.el6_3.3 AND glibc-static is earlier than 0:2.12-1.80.el6_3.3 AND glibc-common is earlier than 0:2.12-1.80.el6_3.3 AND glibc-headers is earlier than 0:2.12-1.80.el6_3.3

Definition Id: oval:org.mitre.oval:def:21515

Oval ID:	oval:org.mitre.oval:def:21515
Title:	RHSA-2012:1097: glibc security and bug fix update (Moderate)
Description:	The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
Family:	unix	Class:	patch
Reference(s):	RHSA-2012:1097-00 CESA-2012:1097 CVE-2012-3406	Version:	5
Platform(s):	Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	glibc
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section glibc-common is earlier than 0:2.5-81.el5_8.4 AND glibc is earlier than 0:2.5-81.el5_8.4 AND glibc-devel is earlier than 0:2.5-81.el5_8.4 AND glibc-utils is earlier than 0:2.5-81.el5_8.4 AND nscd is earlier than 0:2.5-81.el5_8.4 AND glibc-headers is earlier than 0:2.5-81.el5_8.4

Definition Id: oval:org.mitre.oval:def:22825

Oval ID:	oval:org.mitre.oval:def:22825
Title:	ELSA-2012:1097: glibc security and bug fix update (Moderate)
Description:	The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:1097-00 CVE-2012-3406	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	glibc
Definition Synopsis:
Oracle Linux 5.x rpm test glibc-common is earlier than 0:2.5-81.el5_8.4 AND glibc is earlier than 0:2.5-81.el5_8.4 AND glibc-devel is earlier than 0:2.5-81.el5_8.4 AND glibc-utils is earlier than 0:2.5-81.el5_8.4 AND nscd is earlier than 0:2.5-81.el5_8.4 AND glibc-headers is earlier than 0:2.5-81.el5_8.4

Definition Id: oval:org.mitre.oval:def:23014

Oval ID:	oval:org.mitre.oval:def:23014
Title:	ELSA-2012:1098: glibc security and bug fix update (Moderate)
Description:	The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
Family:	unix	Class:	patch
Reference(s):	ELSA-2012:1098-01 CVE-2012-3404 CVE-2012-3405 CVE-2012-3406	Version:	17
Platform(s):	Oracle Linux 6	Product(s):	glibc
Definition Synopsis:
Oracle Linux 6.x rpm test glibc-devel is earlier than 0:2.12-1.80.el6_3.3 AND glibc-utils is earlier than 0:2.12-1.80.el6_3.3 AND glibc is earlier than 0:2.12-1.80.el6_3.3 AND nscd is earlier than 0:2.12-1.80.el6_3.3 AND glibc-static is earlier than 0:2.12-1.80.el6_3.3 AND glibc-common is earlier than 0:2.12-1.80.el6_3.3 AND glibc-headers is earlier than 0:2.12-1.80.el6_3.3

Definition Id: oval:org.mitre.oval:def:25541

Oval ID:	oval:org.mitre.oval:def:25541
Title:	SUSE-SU-2014:0920-1 -- Security update for glibc
Description:	glibc has been updated to fix one security issue that could have resulted in free-after-use situations.
Family:	unix	Class:	patch
Reference(s):	SUSE-SU-2014:0920-1 CVE-2014-4043	Version:	3
Platform(s):	SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11	Product(s):	glibc
Definition Synopsis:
SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11 release section Operation system section SUSE Linux Enterprise Server 11.x is installed AND SUSE Linux Enterprise Desktop 11.x is installed Packages match section glibc RPM is earlier than 0:2.11.3-17.66.1 AND glibc-devel RPM is earlier than 0:2.11.3-17.66.1 AND glibc-i18ndata RPM is earlier than 0:2.11.3-17.66.1 AND glibc-locale RPM is earlier than 0:2.11.3-17.66.1 AND nscd RPM is earlier than 0:2.11.3-17.66.1 AND glibc-32bit RPM is earlier than 0:2.11.3-17.66.1 AND glibc-devel-32bit RPM is earlier than 0:2.11.3-17.66.1 AND glibc-locale-32bit RPM is earlier than 0:2.11.3-17.66.1 AND SUSE Linux Enterprise Server 11 release section SUSE Linux Enterprise Server 11.x is installed Packages match section glibc-html RPM is earlier than 0:2.11.3-17.66.1 AND glibc-info RPM is earlier than 0:2.11.3-17.66.1 AND glibc-profile RPM is earlier than 0:2.11.3-17.66.1 AND glibc-profile-32bit RPM is earlier than 0:2.11.3-17.66.1

Definition Id: oval:org.mitre.oval:def:26211

Oval ID:	oval:org.mitre.oval:def:26211
Title:	USN-2306-1 -- eglibc vulnerabilities
Description:	Several security issues were fixed in the GNU C Library.
Family:	unix	Class:	patch
Reference(s):	USN-2306-1 CVE-2013-4357 CVE-2013-4458 CVE-2014-0475 CVE-2014-4043	Version:	3
Platform(s):	Ubuntu 14.04 Ubuntu 12.04 Ubuntu 10.04	Product(s):	eglibc
Definition Synopsis:
Ubuntu 14.04 release section Ubuntu 14.04 is installed AND libc6 DPKG is earlier than 0:2.19-0ubuntu6.1 AND Ubuntu 12.04 release section Ubuntu 12.04 is installed AND libc6 DPKG is earlier than 0:2.15-0ubuntu10.6 AND Ubuntu 10.04 release section Ubuntu 10.04 is installed AND libc6 DPKG is earlier than 0:2.11.1-0ubuntu7.14

Definition Id: oval:org.mitre.oval:def:26402

Oval ID:	oval:org.mitre.oval:def:26402
Title:	USN-2306-2 -- eglibc regression
Description:	USN-2306-1 introduced a regression in the GNU C Library.
Family:	unix	Class:	patch
Reference(s):	USN-2306-2 CVE-2013-4357 CVE-2013-4458 CVE-2014-0475 CVE-2014-4043	Version:	3
Platform(s):	Ubuntu 10.04	Product(s):	eglibc
Definition Synopsis:
Ubuntu 10.04 is installed AND libc6 DPKG is earlier than 0:2.11.1-0ubuntu7.15

Definition Id: oval:org.mitre.oval:def:26728

Oval ID:	oval:org.mitre.oval:def:26728
Title:	USN-2306-3 -- eglibc regression
Description:	USN-2306-1 introduced a regression in the GNU C Library.
Family:	unix	Class:	patch
Reference(s):	USN-2306-3 CVE-2013-4357 CVE-2013-4458 CVE-2014-0475 CVE-2014-4043	Version:	3
Platform(s):	Ubuntu 10.04	Product(s):	eglibc
Definition Synopsis:
Ubuntu 10.04 is installed AND libc6 DPKG is earlier than 0:2.11.1-0ubuntu7.17

Definition Id: oval:org.mitre.oval:def:27827

Oval ID:	oval:org.mitre.oval:def:27827
Title:	DEPRECATED: ELSA-2012-1098 -- glibc security and bug fix update (moderate)
Description:	[2.12-1.80.el6_3.3] - Fix incorrect/corrupt patchfile for 833716. Did not affect generated code, but tests were missing (#833716). [2.12-1.80.el6_3.2] - Fix regression after patch for BZ804630 (#837026). [2.12-1.80.el6_3.1] - Fixes an unbound alloca and related problems. (#833716)
Family:	unix	Class:	patch
Reference(s):	ELSA-2012-1098 CVE-2012-3404 CVE-2012-3405 CVE-2012-3406	Version:	4
Platform(s):	Oracle Linux 6	Product(s):	glibc
Definition Synopsis:
Oracle Linux 6.x Packages match section glibc is earlier than 0:2.12-1.80.el6_3.3 AND glibc-common is earlier than 0:2.12-1.80.el6_3.3 AND glibc-devel is earlier than 0:2.12-1.80.el6_3.3 AND glibc-headers is earlier than 0:2.12-1.80.el6_3.3 AND glibc-static is earlier than 0:2.12-1.80.el6_3.3 AND glibc-utils is earlier than 0:2.12-1.80.el6_3.3 AND nscd is earlier than 0:2.12-1.80.el6_3.3

Definition Id: oval:org.mitre.oval:def:27845

Oval ID:	oval:org.mitre.oval:def:27845
Title:	DEPRECATED: ELSA-2012-1097 -- glibc security and bug fix update (moderate)
Description:	[2.5-81.el5_8.4] - Fix iconv() segfault if the invalid multibyte character 0xffff is input when converting from IBM930 (#837896) [2.5-81.el5_8.3] - Fix unbound alloca in vfprintf (#833720)
Family:	unix	Class:	patch
Reference(s):	ELSA-2012-1097 CVE-2012-3406	Version:	4
Platform(s):	Oracle Linux 5	Product(s):	glibc
Definition Synopsis:
Oracle Linux 5.x Packages match section glibc is earlier than 0:2.5-81.el5_8.4 AND glibc-common is earlier than 0:2.5-81.el5_8.4 AND glibc-devel is earlier than 0:2.5-81.el5_8.4 AND glibc-headers is earlier than 0:2.5-81.el5_8.4 AND glibc-utils is earlier than 0:2.5-81.el5_8.4 AND nscd is earlier than 0:2.5-81.el5_8.4

CPE : Common Platform Enumeration

Type	Description	Count
Application	Gnu Glibc cpe:2.3:a:gnu:glibc:2.9:::::::* cpe:2.3:a:gnu:glibc:2.8:::::::* cpe:2.3:a:gnu:glibc:2.7:::::::* cpe:2.3:a:gnu:glibc:2.6.1:::::::* cpe:2.3:a:gnu:glibc:2.6:::::::* cpe:2.3:a:gnu:glibc:2.5.1:::::::* cpe:2.3:a:gnu:glibc:2.5-49.el5_5.6:::::::* cpe:2.3:a:gnu:glibc:2.5:::::::* cpe:2.3:a:gnu:glibc:2.4:::::::* cpe:2.3:a:gnu:glibc:2.3.6:::::::* cpe:2.3:a:gnu:glibc:2.3.5:::::::* cpe:2.3:a:gnu:glibc:2.3.4:::::::* cpe:2.3:a:gnu:glibc:2.3.3:::::::* cpe:2.3:a:gnu:glibc:2.3.2:::::::* cpe:2.3:a:gnu:glibc:2.3.10:::::::* cpe:2.3:a:gnu:glibc:2.3.1:::::::* cpe:2.3:a:gnu:glibc:2.3:::::::* cpe:2.3:a:gnu:glibc:2.20:::::::* cpe:2.3:a:gnu:glibc:2.20::::::x86: cpe:2.3:a:gnu:glibc:2.2.5:::::::* cpe:2.3:a:gnu:glibc:2.2.4:::::::* cpe:2.3:a:gnu:glibc:2.2.3:::::::* cpe:2.3:a:gnu:glibc:2.2.2:::::::* cpe:2.3:a:gnu:glibc:2.2.1:::::::* cpe:2.3:a:gnu:glibc:2.2:::::::* cpe:2.3:a:gnu:glibc:2.19:::::::* cpe:2.3:a:gnu:glibc:2.18:::::::* cpe:2.3:a:gnu:glibc:2.18::::::x86: cpe:2.3:a:gnu:glibc:2.17:::::::* cpe:2.3:a:gnu:glibc:2.17::::::x86: cpe:2.3:a:gnu:glibc:2.16:::::::* cpe:2.3:a:gnu:glibc:2.15:::::::* cpe:2.3:a:gnu:glibc:2.14.1:::::::* cpe:2.3:a:gnu:glibc:2.14:::::::* cpe:2.3:a:gnu:glibc:2.13:::::::* cpe:2.3:a:gnu:glibc:2.12.2:::::::* cpe:2.3:a:gnu:glibc:2.12.1:::::::* cpe:2.3:a:gnu:glibc:2.12.0:::::::* cpe:2.3:a:gnu:glibc:2.12-1.7.el6_0.3:::::::* cpe:2.3:a:gnu:glibc:2.12:::::::* cpe:2.3:a:gnu:glibc:2.12::::::x86: cpe:2.3:a:gnu:glibc:2.11.3:::::::* cpe:2.3:a:gnu:glibc:2.11.2:::::::* cpe:2.3:a:gnu:glibc:2.11.1:::::::* cpe:2.3:a:gnu:glibc:2.11:::::::* cpe:2.3:a:gnu:glibc:2.10.2:::::::* cpe:2.3:a:gnu:glibc:2.10.1:::::::* cpe:2.3:a:gnu:glibc:2.10:::::::* cpe:2.3:a:gnu:glibc:2.1.9:::::::* cpe:2.3:a:gnu:glibc:2.1.3.10:::::::* cpe:2.3:a:gnu:glibc:2.1.3:::::::* cpe:2.3:a:gnu:glibc:2.1.2:::::::* cpe:2.3:a:gnu:glibc:2.1.1.6:::::::* cpe:2.3:a:gnu:glibc:2.1.1:::::::* cpe:2.3:a:gnu:glibc:2.1:::::::* cpe:2.3:a:gnu:glibc:2.0.6:::::::* cpe:2.3:a:gnu:glibc:2.0.5:::::::* cpe:2.3:a:gnu:glibc:2.0.4:::::::* cpe:2.3:a:gnu:glibc:2.0.3:::::::* cpe:2.3:a:gnu:glibc:2.0.2:::::::* cpe:2.3:a:gnu:glibc:2.0.1:::::::* cpe:2.3:a:gnu:glibc:2.0:::::::* cpe:2.3:a:gnu:glibc:1.09.5:::::::* cpe:2.3:a:gnu:glibc:1.09.3:::::::* cpe:2.3:a:gnu:glibc:1.09.2:::::::* cpe:2.3:a:gnu:glibc:1.09.1:::::::* cpe:2.3:a:gnu:glibc:1.09:::::::* cpe:2.3:a:gnu:glibc:1.08.9:::::::* cpe:2.3:a:gnu:glibc:1.08.8:::::::* cpe:2.3:a:gnu:glibc:1.08.7:::::::* cpe:2.3:a:gnu:glibc:1.08.6:::::::* cpe:2.3:a:gnu:glibc:1.08.5:::::::* cpe:2.3:a:gnu:glibc:1.08.4:::::::* cpe:2.3:a:gnu:glibc:1.08.3:::::::* cpe:2.3:a:gnu:glibc:1.08.14:::::::* cpe:2.3:a:gnu:glibc:1.08.13:::::::* cpe:2.3:a:gnu:glibc:1.08.12:::::::* cpe:2.3:a:gnu:glibc:1.08.11:::::::* cpe:2.3:a:gnu:glibc:1.08.10:::::::* cpe:2.3:a:gnu:glibc:1.08.1:::::::* cpe:2.3:a:gnu:glibc:1.08:::::::* cpe:2.3:a:gnu:glibc:1.07.6:::::::* cpe:2.3:a:gnu:glibc:1.07.5:::::::* cpe:2.3:a:gnu:glibc:1.07.4:::::::* cpe:2.3:a:gnu:glibc:1.07.3:::::::* cpe:2.3:a:gnu:glibc:1.07.2:::::::* cpe:2.3:a:gnu:glibc:1.07.1:::::::* cpe:2.3:a:gnu:glibc:1.07:::::::* cpe:2.3:a:gnu:glibc:1.06.9:::::::* cpe:2.3:a:gnu:glibc:1.06.8:::::::* cpe:2.3:a:gnu:glibc:1.06.7:::::::* cpe:2.3:a:gnu:glibc:1.06.6:::::::* cpe:2.3:a:gnu:glibc:1.06.4:::::::* cpe:2.3:a:gnu:glibc:1.06.3:::::::* cpe:2.3:a:gnu:glibc:1.06.2:::::::* cpe:2.3:a:gnu:glibc:1.06.13:::::::* cpe:2.3:a:gnu:glibc:1.06.12:::::::* cpe:2.3:a:gnu:glibc:1.06.11:::::::* cpe:2.3:a:gnu:glibc:1.06.10:::::::* cpe:2.3:a:gnu:glibc:1.06.1:::::::* cpe:2.3:a:gnu:glibc:1.06:::::::* cpe:2.3:a:gnu:glibc:1.05:::::::* cpe:2.3:a:gnu:glibc:1.04:::::::* cpe:2.3:a:gnu:glibc:1.03:::::::* cpe:2.3:a:gnu:glibc:1.02:::::::* cpe:2.3:a:gnu:glibc:1.01:::::::* cpe:2.3:a:gnu:glibc:1.00:::::::* cpe:2.3:a:gnu:glibc:0.6:::::::* cpe:2.3:a:gnu:glibc:0.5:::::::* cpe:2.3:a:gnu:glibc:0.4.1:::::::* cpe:2.3:a:gnu:glibc:0.4:::::::* cpe:2.3:a:gnu:glibc:0.1:::::::* cpe:2.3:a:gnu:glibc:::::::: cpe:2.3:a:gnu:glibc:::::::x64:* cpe:2.3:a:gnu:glibc:::::::x86:* cpe:2.3:a:gnu:glibc:-:::::::*	116
Application	Redhat Enterprise Virtualization cpe:2.3:a:redhat:enterprise_virtualization:3.0:::::::*	1
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::* cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:::::* cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:::::*	9
Os	Opensuse cpe:2.3:o:opensuse:opensuse:13.2:::::::* cpe:2.3:o:opensuse:opensuse:13.1:::::::*	2
Os	Redhat Enterprise Linux cpe:2.3:o:redhat:enterprise_linux:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux:5:::::::*	2

OpenVAS Exploits

Date	Description
2012-12-27	Name : VMSA-2012-0018: VMware security updates for vCSA and ESXi File : nvt/gb_VMSA-2012-0018.nasl
2012-12-18	Name : Ubuntu Update for glibc USN-1589-2 File : nvt/gb_ubuntu_USN_1589_2.nasl
2012-10-03	Name : Ubuntu Update for eglibc USN-1589-1 File : nvt/gb_ubuntu_USN_1589_1.nasl
2012-08-30	Name : Fedora Update for glibc FEDORA-2012-11508 File : nvt/gb_fedora_2012_11508_glibc_fc17.nasl
2012-07-30	Name : CentOS Update for glibc CESA-2012:1097 centos5 File : nvt/gb_CESA-2012_1097_glibc_centos5.nasl
2012-07-30	Name : CentOS Update for glibc CESA-2012:1098 centos6 File : nvt/gb_CESA-2012_1098_glibc_centos6.nasl
2012-07-19	Name : RedHat Update for glibc RHSA-2012:1097-01 File : nvt/gb_RHSA-2012_1097-01_glibc.nasl
2012-07-19	Name : RedHat Update for glibc RHSA-2012:1098-01 File : nvt/gb_RHSA-2012_1098-01_glibc.nasl

Information Assurance Vulnerability Management (IAVM)

Date	Description
2015-02-12	IAVM : 2015-A-0038 - Multiple Vulnerabilities in GNU C Library (glibc) Severity : Category I - VMSKEY : V0058753

Nessus® Vulnerability Scanner

Date	Description
2018-12-18	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL16365.nasl - Type : ACT_GATHER_INFO
2018-10-26	Name : The remote EulerOS Virtualization host is missing multiple security updates. File : EulerOS_SA-2018-1344.nasl - Type : ACT_GATHER_INFO
2018-09-18	Name : The remote EulerOS Virtualization host is missing a security update. File : EulerOS_SA-2018-1272.nasl - Type : ACT_GATHER_INFO
2018-05-11	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2018-1017.nasl - Type : ACT_GATHER_INFO
2018-04-27	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2018-0805.nasl - Type : ACT_GATHER_INFO
2017-08-08	Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2017-1147.nasl - Type : ACT_GATHER_INFO
2017-08-08	Name : The remote EulerOS host is missing multiple security updates. File : EulerOS_SA-2017-1146.nasl - Type : ACT_GATHER_INFO
2016-02-19	Name : The remote Red Hat host is potentially affected by a denial of service vulner... File : redhat-CVE-2014-9402.nasl - Type : ACT_GATHER_INFO
2016-02-18	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201602-02.nasl - Type : ACT_GATHER_INFO
2016-02-04	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-2589.nasl - Type : ACT_GATHER_INFO
2015-12-22	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20151119_glibc_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-12-15	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2015-617.nasl - Type : ACT_GATHER_INFO
2015-12-02	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-2199.nasl - Type : ACT_GATHER_INFO
2015-11-30	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-2199.nasl - Type : ACT_GATHER_INFO
2015-11-19	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-2199.nasl - Type : ACT_GATHER_INFO
2015-08-18	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-1627.nasl - Type : ACT_GATHER_INFO
2015-08-18	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-1627.nasl - Type : ACT_GATHER_INFO
2015-08-18	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20150817_glibc_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2015-08-17	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-1627.nasl - Type : ACT_GATHER_INFO
2015-08-17	Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-544.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0167-1.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2012-1488-1.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-1251-1.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1122-1.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2014-1128-1.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0170-1.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0526-1.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0550-1.nasl - Type : ACT_GATHER_INFO
2015-05-20	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-0551-1.nasl - Type : ACT_GATHER_INFO
2015-04-21	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL16472.nasl - Type : ACT_GATHER_INFO
2015-04-06	Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL16364.nasl - Type : ACT_GATHER_INFO
2015-03-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-168.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-122.nasl - Type : ACT_GATHER_INFO
2015-03-26	Name : The remote Debian host is missing a security update. File : debian_DLA-165.nasl - Type : ACT_GATHER_INFO
2015-03-09	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201503-04.nasl - Type : ACT_GATHER_INFO
2015-03-06	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-150226.nasl - Type : ACT_GATHER_INFO
2015-03-05	Name : The remote Fedora host is missing a security update. File : fedora_2015-2837.nasl - Type : ACT_GATHER_INFO
2015-02-27	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2519-1.nasl - Type : ACT_GATHER_INFO
2015-02-27	Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-173.nasl - Type : ACT_GATHER_INFO
2015-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-3169.nasl - Type : ACT_GATHER_INFO
2015-02-11	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-150129.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2012-1200.nasl - Type : ACT_GATHER_INFO
2014-11-08	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1185.nasl - Type : ACT_GATHER_INFO
2014-10-24	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-296-01.nasl - Type : ACT_GATHER_INFO
2014-10-17	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-1391.nasl - Type : ACT_GATHER_INFO
2014-10-14	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-1391.nasl - Type : ACT_GATHER_INFO
2014-09-09	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2306-3.nasl - Type : ACT_GATHER_INFO
2014-08-07	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-152.nasl - Type : ACT_GATHER_INFO
2014-08-06	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2306-2.nasl - Type : ACT_GATHER_INFO
2014-08-05	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2306-1.nasl - Type : ACT_GATHER_INFO
2014-07-20	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-140701.nasl - Type : ACT_GATHER_INFO
2013-11-13	Name : The remote VMware ESXi 5.1 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_1_build_1063671_remote.nasl - Type : ACT_GATHER_INFO
2013-11-13	Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities. File : vmware_esxi_5_0_build_912577_remote.nasl - Type : ACT_GATHER_INFO
2013-09-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-109.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1097.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1098.nasl - Type : ACT_GATHER_INFO
2013-01-25	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-121129.nasl - Type : ACT_GATHER_INFO
2012-12-24	Name : The remote VMware ESXi host is missing one or more security-related patches. File : vmware_VMSA-2012-0018.nasl - Type : ACT_GATHER_INFO
2012-12-18	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1589-2.nasl - Type : ACT_GATHER_INFO
2012-11-19	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_glibc-8351.nasl - Type : ACT_GATHER_INFO
2012-10-02	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1589-1.nasl - Type : ACT_GATHER_INFO
2012-08-16	Name : The remote Fedora host is missing a security update. File : fedora_2012-11508.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120718_glibc_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120718_glibc_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-07-20	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1098.nasl - Type : ACT_GATHER_INFO
2012-07-19	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1097.nasl - Type : ACT_GATHER_INFO
2012-07-19	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1098.nasl - Type : ACT_GATHER_INFO
2012-07-19	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1097.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2015-08-27 00:27:34	Multiple Updates
2015-04-08 17:29:16	Multiple Updates
2015-02-25 13:24:15	Multiple Updates
2015-02-24 21:29:21	Multiple Updates
2015-02-23 09:22:27	First insertion

Global Informations

Type	Count
CWE ID(s)	8
Oval ID(s)	10
CPE ID(s)	130
Openvas Exploit(s)	8
IAVM(s)	1
Nessus® Exploit(s)	68

	Related
7.8	CVE-2014-9402
7.5	CVE-2015-1472
7.5	CVE-2014-4043
6.8	CVE-2012-3406
6.4	CVE-2015-1473
5.1	CVE-2013-7424
5	CVE-2012-3405
5	CVE-2012-3404
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 8 more Alert(s)