Executive Summary
Summary | |
---|---|
Title | GNU C library: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-201011-01 | First vendor Publication | 2010-11-15 |
Vendor | Gentoo | Last vendor Modification | 2010-11-15 |
Severity (Vendor) | High | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities were found in glibc, the worst of which allowing local attackers to execute arbitrary code as root. Background Description Impact Workaround Resolution References Availability http://security.gentoo.org/glsa/glsa-201011-01.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201011-01.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
43 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
29 % | CWE-264 | Permissions, Privileges, and Access Controls |
14 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
14 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12272 | |||
Oval ID: | oval:org.mitre.oval:def:12272 | ||
Title: | VMSA-2011-0010 VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-1095 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:12604 | |||
Oval ID: | oval:org.mitre.oval:def:12604 | ||
Title: | DSA-2122-1 glibc -- missing input sanitisation | ||
Description: | Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LD_AUDIT environment variable. For the stable distribution, this problem has been fixed in version 2.7-18lenny6. For the upcoming stable distribution, this problem has been fixed in version 2.11.2-6+squeeze1 of the eglibc package. For the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your glibc packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2122-1 CVE-2010-3847 CVE-2010-3856 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12802 | |||
Oval ID: | oval:org.mitre.oval:def:12802 | ||
Title: | DSA-2122-2 glibc -- missing input sanitisation | ||
Description: | Colin Watson discovered that the update for stable relased in DSA-2122-1 did not complete address the underlying security issue in all possible scenarios. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2122-2 CVE-2010-3847 CVE-2010-3856 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | glibc |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13533 | |||
Oval ID: | oval:org.mitre.oval:def:13533 | ||
Title: | DSA-2058-1 glibc, eglibc -- multiple | ||
Description: | Several vulnerabilities have been discovered in the GNU C Library and its derivatives. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-1391, CVE-2009-4880, CVE-2009-4881 Maksymilian Arciemowicz discovered that the GNU C library did not correctly handle integer overflows in the strfmon family of functions. If a user or automated system were tricked into processing a specially crafted format string, a remote attacker could crash applications, leading to a denial of service. CVE-2010-0296 Jeff Layton and Dan Rosenberg discovered that the GNU C library did not correctly handle newlines in the mntent family of functions. If a local attacker were able to inject newlines into a mount entry through other vulnerable mount helpers, they could disrupt the system or possibly gain root privileges. CVE-2010-0830 Dan Rosenberg discovered that the GNU C library did not correctly validate certain ELF program headers. If a user or automated system were tricked into verifying a specially crafted ELF program, a remote attacker could execute arbitrary code with user privileges. For the stable distribution, these problems have been fixed in version 2.7-18lenny4 of the glibc package. For the testing distribution, these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 2.1.11-1 of the eglibc package. We recommend that you upgrade your glibc or eglibc packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2058-1 CVE-2008-1391 CVE-2009-4880 CVE-2009-4881 CVE-2010-0296 CVE-2010-0830 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | glibc eglibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19821 | |||
Oval ID: | oval:org.mitre.oval:def:19821 | ||
Title: | VMware ESX third party updates for Service Console packages glibc, sudo, and openldap | ||
Description: | elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3847 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20099 | |||
Oval ID: | oval:org.mitre.oval:def:20099 | ||
Title: | VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-1095 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20315 | |||
Oval ID: | oval:org.mitre.oval:def:20315 | ||
Title: | VMware ESX third party updates for Service Console packages glibc, sudo, and openldap | ||
Description: | ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3856 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20393 | |||
Oval ID: | oval:org.mitre.oval:def:20393 | ||
Title: | VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0296 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20586 | |||
Oval ID: | oval:org.mitre.oval:def:20586 | ||
Title: | VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0296 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20638 | |||
Oval ID: | oval:org.mitre.oval:def:20638 | ||
Title: | VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-1095 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20684 | |||
Oval ID: | oval:org.mitre.oval:def:20684 | ||
Title: | VMware vSphere and vCOps updates to third party libraries | ||
Description: | Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0830 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21997 | |||
Oval ID: | oval:org.mitre.oval:def:21997 | ||
Title: | RHSA-2010:0793: glibc security update (Important) | ||
Description: | ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0793-01 CESA-2010:0793 CVE-2010-3856 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22199 | |||
Oval ID: | oval:org.mitre.oval:def:22199 | ||
Title: | RHSA-2010:0787: glibc security update (Important) | ||
Description: | elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0787-01 CESA-2010:0787 CVE-2010-3847 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22327 | |||
Oval ID: | oval:org.mitre.oval:def:22327 | ||
Title: | RHSA-2010:0872: glibc security and bug fix update (Important) | ||
Description: | ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0872-02 CVE-2010-3847 CVE-2010-3856 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22846 | |||
Oval ID: | oval:org.mitre.oval:def:22846 | ||
Title: | ELSA-2010:0793: glibc security update (Important) | ||
Description: | ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0793-01 CVE-2010-3856 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23012 | |||
Oval ID: | oval:org.mitre.oval:def:23012 | ||
Title: | ELSA-2010:0787: glibc security update (Important) | ||
Description: | elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0787-01 CVE-2010-3847 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23540 | |||
Oval ID: | oval:org.mitre.oval:def:23540 | ||
Title: | ELSA-2010:0872: glibc security and bug fix update (Important) | ||
Description: | ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0872-02 CVE-2010-3847 CVE-2010-3856 | Version: | 13 |
Platform(s): | Oracle Linux 6 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27665 | |||
Oval ID: | oval:org.mitre.oval:def:27665 | ||
Title: | DEPRECATED: ELSA-2010-0787 -- glibc security update (important) | ||
Description: | [2.5-49.el5_5.6] - Never expand in privileged programs (#643818, CVE-2010-3847) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0787 CVE-2010-3847 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27803 | |||
Oval ID: | oval:org.mitre.oval:def:27803 | ||
Title: | DEPRECATED: ELSA-2010-0872 -- glibc security and bug fix update (important) | ||
Description: | [2.12-1.7.el6_0.3] - Require suid bit on audit objects in privileged programs (#645679, CVE-2010-3856) [2.12-1.7.el6_0.2] - Never expand in privileged programs (#643821) [2.12-1.7.el6_0.1] - Fix bug in generic strstr/memmem implementation handling certain repeated patterns (#643341) - Correctly align TCB for AVX (#643343) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0872 CVE-2010-3847 CVE-2010-3856 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28160 | |||
Oval ID: | oval:org.mitre.oval:def:28160 | ||
Title: | DEPRECATED: ELSA-2010-0793 -- glibc security update (important) | ||
Description: | [2.5-49.el5_5.7] - Require suid bit on audit objects in privileged programs (#645677, CVE-2010-3856) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0793 CVE-2010-3856 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | glibc |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2011-11-10 | glibc LD_AUDIT arbitrary DSO load Privilege Escalation |
2010-10-22 | GNU C library dynamic linker LD_AUDIT arbitrary DSO load Vulnerability |
2010-10-18 | GNU C library dynamic linker $ORIGIN expansion Vulnerability |
OpenVAS Exploits
Date | Description |
---|---|
2012-12-27 | Name : VMSA-2012-0018: VMware security updates for vCSA and ESXi File : nvt/gb_VMSA-2012-0018.nasl |
2012-08-31 | Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries. File : nvt/gb_VMSA-2012-0013.nasl |
2012-07-30 | Name : CentOS Update for glibc CESA-2011:0412 centos5 x86_64 File : nvt/gb_CESA-2011_0412_glibc_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for glibc CESA-2012:0125 centos4 File : nvt/gb_CESA-2012_0125_glibc_centos4.nasl |
2012-07-30 | Name : CentOS Update for glibc CESA-2012:0126 centos5 File : nvt/gb_CESA-2012_0126_glibc_centos5.nasl |
2012-06-06 | Name : RedHat Update for glibc RHSA-2011:0413-01 File : nvt/gb_RHSA-2011_0413-01_glibc.nasl |
2012-03-16 | Name : VMSA-2011-0012.3 VMware ESXi and ESX updates to third party libraries and ESX... File : nvt/gb_VMSA-2011-0012.nasl |
2012-03-12 | Name : Ubuntu Update for eglibc USN-1396-1 File : nvt/gb_ubuntu_USN_1396_1.nasl |
2012-02-21 | Name : RedHat Update for glibc RHSA-2012:0126-01 File : nvt/gb_RHSA-2012_0126-01_glibc.nasl |
2012-02-21 | Name : RedHat Update for glibc RHSA-2012:0125-01 File : nvt/gb_RHSA-2012_0125-01_glibc.nasl |
2011-11-28 | Name : Mandriva Update for glibc MDVSA-2011:178 (glibc) File : nvt/gb_mandriva_MDVSA_2011_178.nasl |
2011-08-09 | Name : CentOS Update for glibc CESA-2010:0787 centos5 i386 File : nvt/gb_CESA-2010_0787_glibc_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for glibc CESA-2010:0793 centos5 i386 File : nvt/gb_CESA-2010_0793_glibc_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for glibc CESA-2011:0412 centos5 i386 File : nvt/gb_CESA-2011_0412_glibc_centos5_i386.nasl |
2011-04-06 | Name : RedHat Update for glibc RHSA-2011:0412-01 File : nvt/gb_RHSA-2011_0412-01_glibc.nasl |
2011-03-09 | Name : Gentoo Security Advisory GLSA 201011-01 (glibc) File : nvt/glsa_201011_01.nasl |
2011-03-07 | Name : Debian Security Advisory DSA 2122-2 (glibc) File : nvt/deb_2122_2.nasl |
2011-01-14 | Name : Ubuntu Update for eglibc, glibc vulnerability USN-1009-2 File : nvt/gb_ubuntu_USN_1009_2.nasl |
2010-12-02 | Name : Fedora Update for glibc FEDORA-2010-16308 File : nvt/gb_fedora_2010_16308_glibc_fc14.nasl |
2010-12-02 | Name : Fedora Update for glibc FEDORA-2010-16851 File : nvt/gb_fedora_2010_16851_glibc_fc14.nasl |
2010-11-17 | Name : Debian Security Advisory DSA 2122-1 (glibc) File : nvt/deb_2122_1.nasl |
2010-11-16 | Name : Fedora Update for glibc FEDORA-2010-16641 File : nvt/gb_fedora_2010_16641_glibc_fc12.nasl |
2010-11-16 | Name : SuSE Update for glibc SUSE-SA:2010:052 File : nvt/gb_suse_2010_052.nasl |
2010-11-04 | Name : Fedora Update for glibc FEDORA-2010-16655 File : nvt/gb_fedora_2010_16655_glibc_fc13.nasl |
2010-11-04 | Name : RedHat Update for glibc RHSA-2010:0793-01 File : nvt/gb_RHSA-2010_0793-01_glibc.nasl |
2010-10-26 | Name : Fedora Update for glibc FEDORA-2010-16594 File : nvt/gb_fedora_2010_16594_glibc_fc13.nasl |
2010-10-26 | Name : Ubuntu Update for glibc, eglibc vulnerabilities USN-1009-1 File : nvt/gb_ubuntu_USN_1009_1.nasl |
2010-10-26 | Name : Mandriva Update for glibc MDVSA-2010:212 (glibc) File : nvt/gb_mandriva_MDVSA_2010_212.nasl |
2010-10-22 | Name : RedHat Update for glibc RHSA-2010:0787-01 File : nvt/gb_RHSA-2010_0787-01_glibc.nasl |
2010-10-22 | Name : Mandriva Update for glibc MDVSA-2010:207 (glibc) File : nvt/gb_mandriva_MDVSA_2010_207.nasl |
2010-06-11 | Name : Mandriva Update for glibc MDVSA-2010:111 (glibc) File : nvt/gb_mandriva_MDVSA_2010_111.nasl |
2010-06-11 | Name : Mandriva Update for glibc MDVSA-2010:112 (glibc) File : nvt/gb_mandriva_MDVSA_2010_112.nasl |
2010-06-10 | Name : Debian Security Advisory DSA 2058-1 (glibc, eglibc) File : nvt/deb_2058_1.nasl |
2010-05-28 | Name : Ubuntu Update for glibc, eglibc vulnerabilities USN-944-1 File : nvt/gb_ubuntu_USN_944_1.nasl |
2010-04-06 | Name : Mandriva Update for kdebase4-workspace MDVA-2010:112 (kdebase4-workspace) File : nvt/gb_mandriva_MDVA_2010_112.nasl |
2010-04-06 | Name : Mandriva Update for initscripts MDVA-2010:111 (initscripts) File : nvt/gb_mandriva_MDVA_2010_111.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-295-01 glibc File : nvt/esoft_slk_ssa_2010_295_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-301-01 glibc File : nvt/esoft_slk_ssa_2010_301_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
73407 | GNU C Library locale/programs/locale.c Output Quoting Localization Environmen... |
68920 | GNU C Library Dynamic Linker LD_AUDIT non-setuid Library Loading Issue GNU C Library contains a flaw related to 'ld.so' failing to properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects as audit objects. This may allow a local attacker to gain elevated privileges via an unsafe DSO located in a trusted library directory. |
68721 | GNU C Library Dynamic Linker $ORIGIN Substitution Expansion Weakness Local Pr... The weakness is caused due to dynamic linker expanding the "$ORIGIN" substitution for privileged applications, which can be exploited to gain escalated privileges by e.g. hard linking to a setuid application and forcing the expansion of "$ORIGIN" via "LD_AUDIT". |
65080 | GNU C Library strfmon Implementation Crafted Format String Overflow DoS |
65079 | GNU C Library stdlib/strfmon_l.c __vstrfmon_l Function Format String Overflow... |
65078 | GNU C Library misc/mntent_r.c encode_name Macro Crafted Mount Request Local DoS |
65077 | GNU C Library ld.so elf/dynamic-link.h elf_get_dynamic_info Crafted ELF Progr... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-09-27 | IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity : Category I - VMSKEY : V0033884 |
2012-09-13 | IAVM : 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity : Category I - VMSKEY : V0033794 |
2011-10-27 | IAVM : 2011-A-0147 - Multiple Vulnerabilities in VMware ESX and ESXi Severity : Category I - VMSKEY : V0030545 |
2011-08-04 | IAVM : 2011-A-0108 - Multiple Vulnerabilities in VMware ESX Service Console Severity : Category I - VMSKEY : V0029562 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0012_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2011-0010_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2011-0001_remote.nasl - Type : ACT_GATHER_INFO |
2016-02-29 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2012-0013_remote.nasl - Type : ACT_GATHER_INFO |
2015-02-02 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2015-0023.nasl - Type : ACT_GATHER_INFO |
2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0168.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_glibc-101027.nasl - Type : ACT_GATHER_INFO |
2013-12-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201312-01.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities. File : vmware_esxi_5_0_build_912577_remote.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_0_build_515841_remote.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote VMware ESXi 5.1 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_1_build_1063671_remote.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0412.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0872.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0793.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0787.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0413.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0125.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0126.nasl - Type : ACT_GATHER_INFO |
2012-12-24 | Name : The remote VMware ESXi host is missing one or more security-related patches. File : vmware_VMSA-2012-0018.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-179.nasl - Type : ACT_GATHER_INFO |
2012-08-31 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0013.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101110_glibc_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110404_glibc_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120213_glibc_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120213_glibc_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101020_glibc_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-03-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1396-1.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0126.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0125.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0126.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0125.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-100709.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-110517.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_glibc-7574.nasl - Type : ACT_GATHER_INFO |
2011-11-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-178.nasl - Type : ACT_GATHER_INFO |
2011-10-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0012.nasl - Type : ACT_GATHER_INFO |
2011-08-01 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2011-0010.nasl - Type : ACT_GATHER_INFO |
2011-06-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_glibc-7575.nasl - Type : ACT_GATHER_INFO |
2011-06-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-110516.nasl - Type : ACT_GATHER_INFO |
2011-06-28 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12775.nasl - Type : ACT_GATHER_INFO |
2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0412.nasl - Type : ACT_GATHER_INFO |
2011-04-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0413.nasl - Type : ACT_GATHER_INFO |
2011-04-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0412.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-100708.nasl - Type : ACT_GATHER_INFO |
2011-01-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1009-2.nasl - Type : ACT_GATHER_INFO |
2011-01-06 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2011-0001.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-101025.nasl - Type : ACT_GATHER_INFO |
2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0793.nasl - Type : ACT_GATHER_INFO |
2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0787.nasl - Type : ACT_GATHER_INFO |
2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0872.nasl - Type : ACT_GATHER_INFO |
2010-11-16 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201011-01.nasl - Type : ACT_GATHER_INFO |
2010-11-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16641.nasl - Type : ACT_GATHER_INFO |
2010-10-29 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16655.nasl - Type : ACT_GATHER_INFO |
2010-10-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-301-01.nasl - Type : ACT_GATHER_INFO |
2010-10-29 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16851.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_glibc-7201.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_glibc-101027.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_glibc-101026.nasl - Type : ACT_GATHER_INFO |
2010-10-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0793.nasl - Type : ACT_GATHER_INFO |
2010-10-25 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-212.nasl - Type : ACT_GATHER_INFO |
2010-10-24 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16594.nasl - Type : ACT_GATHER_INFO |
2010-10-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2122.nasl - Type : ACT_GATHER_INFO |
2010-10-24 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-295-01.nasl - Type : ACT_GATHER_INFO |
2010-10-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1009-1.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0787.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-207.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16308.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12641.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-112.nasl - Type : ACT_GATHER_INFO |
2010-06-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2058.nasl - Type : ACT_GATHER_INFO |
2010-06-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-111.nasl - Type : ACT_GATHER_INFO |
2010-05-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-944-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:36:57 |
|