Executive Summary
Summary | |
---|---|
Title | glibc security update |
Informations | |||
---|---|---|---|
Name | RHSA-2012:0126 | First vendor Publication | 2012-02-13 |
Vendor | RedHat | Last vendor Modification | 2012-02-13 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-5029) A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-0830) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time. (CVE-2011-4609) Red Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830. Users should upgrade to these updated packages, which resolve these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 599056 - CVE-2010-0830 glibc: ld.so d_tag signedness error in elf_get_dynamic_info 688980 - CVE-2011-1089 glibc: Suid mount helpers fail to anticipate RLIMIT_FSIZE 692393 - CVE-2009-5064 glibc: ldd unexpected code execution issue 761245 - CVE-2009-5029 glibc: __tzfile_read integer overflow to buffer overflow 767299 - CVE-2011-4609 glibc: svc_run() produces high cpu usage when accept() fails with EMFILE error |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2012-0126.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
40 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
20 % | CWE-399 | Resource Management Errors |
20 % | CWE-264 | Permissions, Privileges, and Access Controls |
20 % | CWE-16 | Configuration |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13533 | |||
Oval ID: | oval:org.mitre.oval:def:13533 | ||
Title: | DSA-2058-1 glibc, eglibc -- multiple | ||
Description: | Several vulnerabilities have been discovered in the GNU C Library and its derivatives. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-1391, CVE-2009-4880, CVE-2009-4881 Maksymilian Arciemowicz discovered that the GNU C library did not correctly handle integer overflows in the strfmon family of functions. If a user or automated system were tricked into processing a specially crafted format string, a remote attacker could crash applications, leading to a denial of service. CVE-2010-0296 Jeff Layton and Dan Rosenberg discovered that the GNU C library did not correctly handle newlines in the mntent family of functions. If a local attacker were able to inject newlines into a mount entry through other vulnerable mount helpers, they could disrupt the system or possibly gain root privileges. CVE-2010-0830 Dan Rosenberg discovered that the GNU C library did not correctly validate certain ELF program headers. If a user or automated system were tricked into verifying a specially crafted ELF program, a remote attacker could execute arbitrary code with user privileges. For the stable distribution, these problems have been fixed in version 2.7-18lenny4 of the glibc package. For the testing distribution, these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 2.1.11-1 of the eglibc package. We recommend that you upgrade your glibc or eglibc packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2058-1 CVE-2008-1391 CVE-2009-4880 CVE-2009-4881 CVE-2010-0296 CVE-2010-0830 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | glibc eglibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20289 | |||
Oval ID: | oval:org.mitre.oval:def:20289 | ||
Title: | VMware vSphere and vCOps updates to third party libraries | ||
Description: | ** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-5064 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20487 | |||
Oval ID: | oval:org.mitre.oval:def:20487 | ||
Title: | VMware vSphere and vCOps updates to third party libraries | ||
Description: | Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-5029 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20507 | |||
Oval ID: | oval:org.mitre.oval:def:20507 | ||
Title: | VMware vSphere and vCOps updates to third party libraries | ||
Description: | The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-1089 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20676 | |||
Oval ID: | oval:org.mitre.oval:def:20676 | ||
Title: | VMware vSphere and vCOps updates to third party libraries | ||
Description: | The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-4609 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20684 | |||
Oval ID: | oval:org.mitre.oval:def:20684 | ||
Title: | VMware vSphere and vCOps updates to third party libraries | ||
Description: | Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0830 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21296 | |||
Oval ID: | oval:org.mitre.oval:def:21296 | ||
Title: | RHSA-2012:0058: glibc security and bug fix update (Moderate) | ||
Description: | The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0058-01 CESA-2012:0058 CVE-2009-5029 CVE-2011-4609 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21365 | |||
Oval ID: | oval:org.mitre.oval:def:21365 | ||
Title: | RHSA-2012:0126: glibc security update (Moderate) | ||
Description: | The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0126-01 CESA-2012:0126 CVE-2009-5029 CVE-2009-5064 CVE-2010-0830 CVE-2011-1089 CVE-2011-4609 | Version: | 68 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22910 | |||
Oval ID: | oval:org.mitre.oval:def:22910 | ||
Title: | ELSA-2012:0126: glibc security update (Moderate) | ||
Description: | The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0126-01 CVE-2009-5029 CVE-2009-5064 CVE-2010-0830 CVE-2011-1089 CVE-2011-4609 | Version: | 25 |
Platform(s): | Oracle Linux 5 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23809 | |||
Oval ID: | oval:org.mitre.oval:def:23809 | ||
Title: | ELSA-2012:0058: glibc security and bug fix update (Moderate) | ||
Description: | The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0058-01 CVE-2009-5029 CVE-2011-4609 | Version: | 13 |
Platform(s): | Oracle Linux 6 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25222 | |||
Oval ID: | oval:org.mitre.oval:def:25222 | ||
Title: | SUSE-SU-2013:1287-1 -- Security update for glibc | ||
Description: | This collective update for the GNU C library (glibc) provides the following fixes and enhancements: Security issues fixed: - Fix stack overflow in getaddrinfo with many results. (bnc#813121, CVE-2013-1914) - Fixed another stack overflow in getaddrinfo with many results (bnc#828637) - Fix buffer overflow in glob. (bnc#691365) (CVE-2010-4756) - Fix array overflow in floating point parser [bnc#775690] (CVE-2012-3480) - Fix strtod integer/buffer overflows [bnc#775690] (CVE-2012-3480) - Make addmntent return errors also for cached streams. [bnc #676178, CVE-2011-1089] - Fix overflows in vfprintf. [bnc #770891, CVE 2012-3406] - Add vfprintf-nargs.diff for possible format string overflow. [bnc #747768, CVE-2012-0864] - Check values from file header in __tzfile_read. [bnc #735850, CVE-2009-5029] Also several bugs were fixed: - Fix locking in _IO_cleanup. (bnc#796982) - Fix memory leak in execve. (bnc#805899) - Fix nscd timestamps in logging (bnc#783196) - Fix perl script error message (bnc#774467) - Fall back to localhost if no nameserver defined (bnc#818630) - Fix incomplete results from nscd. [bnc #753756] - Fix a deadlock in dlsym in case the symbol isn't found, for multithreaded programs. [bnc #760216] - Fix problem with TLS and dlopen. [#732110] - Backported regex fix for skipping of valid EUC-JP matches [bnc#743689] - Fixed false regex match on incomplete chars in EUC-JP [bnc#743689] - Add glibc-pmap-timeout.diff in order to fix useless connection attempts to NFS servers. [bnc #661460] | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:1287-1 CVE-2013-1914 CVE-2010-4756 CVE-2012-3480 CVE-2011-1089 CVE-2012-0864 CVE-2009-5029 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 10 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25868 | |||
Oval ID: | oval:org.mitre.oval:def:25868 | ||
Title: | SUSE-SU-2013:1251-1 -- Security update for glibc | ||
Description: | This collective update for the GNU C library (glibc) provides the following fixes and enhancements: Security issues fixed: * Fix stack overflow in getaddrinfo with many results. (bnc#813121, CVE-2013-1914) * Fix a different stack overflow in getaddrinfo with many results. (bnc#828637) * Fix array overflow in floating point parser [bnc#775690] (CVE-2012-3480) * Fix strtod integer/buffer overflows [bnc#775690] (CVE-2012-3480) * Add patches for fix overflows in vfprintf. [bnc #770891, CVE-2012-3405, CVE-2012-3406] * Fix buffer overflow in glob. (bnc#691365) (CVE-2010-4756) * Flush stream in addmntent, to catch errors like reached file size limits. [bnc #676178, CVE-2011-1089] Bugs fixed: * Fix locking in _IO_cleanup. (bnc#796982) * Fix resolver when first query fails, but seconds succeeds. [bnc #767266] | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:1251-1 CVE-2013-1914 CVE-2012-3480 CVE-2012-3405 CVE-2012-3406 CVE-2010-4756 CVE-2011-1089 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26787 | |||
Oval ID: | oval:org.mitre.oval:def:26787 | ||
Title: | RHSA-2011:1526 -- glibc security, bug fix, and enhancement update (Low) | ||
Description: | The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) Red Hat would like to thank Dan Rosenberg for reporting the CVE-2011-1089 issue. This update also fixes several bugs and adds various enhancements. Documentation for these bug fixes and enhancements will be available shortly from the Technical Notes document, linked to in the References section. Users are advised to upgrade to these updated glibc packages, which contain backported patches to resolve these issues and add these enhancements. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:1526 CVE-2009-5064 CVE-2011-1089 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27898 | |||
Oval ID: | oval:org.mitre.oval:def:27898 | ||
Title: | DEPRECATED: ELSA-2012-0058 -- glibc security and bug fix update (moderate) | ||
Description: | [2.12-1.47.el6_2.5] - Avoid high cpu usage when accept fails with EMFILE (#767692) [2.12-1.47.el6_2.4] - Make implementation of ARENAS_TEST and ARENAS_MAX match documentation (#769594) - Check malloc arena atomically (#769594) [2.12-1.47.el6_2.3] - Check values from TZ file header (#767692) [2.12-1.47.el6_2.2] - Correctly reparse group line after enlarging the buffer (#766484) [2.12-1.47.el6_2.1] - Fix grouping and reuse other locales in various locales (#754116) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0058 CVE-2009-5029 CVE-2011-4609 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27927 | |||
Oval ID: | oval:org.mitre.oval:def:27927 | ||
Title: | DEPRECATED: ELSA-2012-0126 -- glibc security update (moderate) | ||
Description: | [2.5-65.el5_7.3] - Use correct type when casting d_tag (#767687) - Report write error in addmnt even for cached streams (#767687) - ldd: Never run file directly (#767687). - Workaround misconfigured system (#767687) [2.5-65.el5_7.2] - Check values from TZ file header (#767687) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0126 CVE-2010-0830 CVE-2009-5029 CVE-2009-5064 CVE-2011-1089 CVE-2011-4609 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28049 | |||
Oval ID: | oval:org.mitre.oval:def:28049 | ||
Title: | ELSA-2011-1526 -- glibc security, bug fix, and enhancement update (low) | ||
Description: | A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-1526 CVE-2009-5064 CVE-2011-1089 | Version: | 3 |
Platform(s): | Oracle Linux 6 | Product(s): | glibc |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-12-27 | Name : VMSA-2012-0018: VMware security updates for vCSA and ESXi File : nvt/gb_VMSA-2012-0018.nasl |
2012-09-10 | Name : Slackware Advisory SSA:2012-041-03 glibc File : nvt/esoft_slk_ssa_2012_041_03.nasl |
2012-08-31 | Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries. File : nvt/gb_VMSA-2012-0013.nasl |
2012-08-03 | Name : Mandriva Update for ncpfs MDVSA-2012:084 (ncpfs) File : nvt/gb_mandriva_MDVSA_2012_084.nasl |
2012-08-03 | Name : Mandriva Update for util-linux MDVSA-2012:083 (util-linux) File : nvt/gb_mandriva_MDVSA_2012_083.nasl |
2012-08-02 | Name : SuSE Update for glibc openSUSE-SU-2012:0064-1 (glibc) File : nvt/gb_suse_2012_0064_1.nasl |
2012-07-30 | Name : CentOS Update for glibc CESA-2012:0125 centos4 File : nvt/gb_CESA-2012_0125_glibc_centos4.nasl |
2012-07-30 | Name : CentOS Update for glibc CESA-2012:0126 centos5 File : nvt/gb_CESA-2012_0126_glibc_centos5.nasl |
2012-07-30 | Name : CentOS Update for glibc CESA-2012:0058 centos6 File : nvt/gb_CESA-2012_0058_glibc_centos6.nasl |
2012-07-09 | Name : RedHat Update for glibc RHSA-2011:1526-03 File : nvt/gb_RHSA-2011_1526-03_glibc.nasl |
2012-07-09 | Name : RedHat Update for glibc RHSA-2012:0058-01 File : nvt/gb_RHSA-2012_0058-01_glibc.nasl |
2012-03-12 | Name : Ubuntu Update for eglibc USN-1396-1 File : nvt/gb_ubuntu_USN_1396_1.nasl |
2012-02-21 | Name : RedHat Update for glibc RHSA-2012:0125-01 File : nvt/gb_RHSA-2012_0125-01_glibc.nasl |
2012-02-21 | Name : RedHat Update for glibc RHSA-2012:0126-01 File : nvt/gb_RHSA-2012_0126-01_glibc.nasl |
2012-01-20 | Name : Fedora Update for glibc FEDORA-2012-0018 File : nvt/gb_fedora_2012_0018_glibc_fc15.nasl |
2011-11-28 | Name : Mandriva Update for glibc MDVSA-2011:178 (glibc) File : nvt/gb_mandriva_MDVSA_2011_178.nasl |
2011-10-14 | Name : Mandriva Update for samba MDVSA-2011:148 (samba) File : nvt/gb_mandriva_MDVSA_2011_148.nasl |
2011-03-09 | Name : Gentoo Security Advisory GLSA 201011-01 (glibc) File : nvt/glsa_201011_01.nasl |
2010-11-16 | Name : SuSE Update for glibc SUSE-SA:2010:052 File : nvt/gb_suse_2010_052.nasl |
2010-06-11 | Name : Mandriva Update for glibc MDVSA-2010:112 (glibc) File : nvt/gb_mandriva_MDVSA_2010_112.nasl |
2010-06-11 | Name : Mandriva Update for glibc MDVSA-2010:111 (glibc) File : nvt/gb_mandriva_MDVSA_2010_111.nasl |
2010-06-10 | Name : Debian Security Advisory DSA 2058-1 (glibc, eglibc) File : nvt/deb_2058_1.nasl |
2010-05-28 | Name : Ubuntu Update for glibc, eglibc vulnerabilities USN-944-1 File : nvt/gb_ubuntu_USN_944_1.nasl |
2010-04-06 | Name : Mandriva Update for kdebase4-workspace MDVA-2010:112 (kdebase4-workspace) File : nvt/gb_mandriva_MDVA_2010_112.nasl |
2010-04-06 | Name : Mandriva Update for initscripts MDVA-2010:111 (initscripts) File : nvt/gb_mandriva_MDVA_2010_111.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
78316 | GNU C Library (glibc) Multiple Function EMFILE Error Handling Remote DoS |
77508 | GNU C Library time/tzfile.c __tzfile_read() Function Timezone File Handling R... |
74883 | GNU C Library addmntent Function mtab Write RLIMIT_FSIZE Value Handling Local... |
74278 | GNU C Library ldd LD_TRACE_LOADED_OBJECTS Check Modified Executable Loader Lo... |
65077 | GNU C Library ld.so elf/dynamic-link.h elf_get_dynamic_info Crafted ELF Progr... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-09-27 | IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity : Category I - VMSKEY : V0033884 |
2012-09-13 | IAVM : 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity : Category I - VMSKEY : V0033794 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-02-29 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2012-0013_remote.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-1287-1.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-1251-1.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2012-1488-1.nasl - Type : ACT_GATHER_INFO |
2015-02-02 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2015-0023.nasl - Type : ACT_GATHER_INFO |
2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0168.nasl - Type : ACT_GATHER_INFO |
2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0109.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_ncpfs-110824.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_glibc-111219.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_ncpfs-110824.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_glibc-111219.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-32.nasl - Type : ACT_GATHER_INFO |
2013-12-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201312-01.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote VMware ESXi 5.1 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_1_build_1063671_remote.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities. File : vmware_esxi_5_0_build_912577_remote.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-39.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0058.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0125.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0126.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-048.nasl - Type : ACT_GATHER_INFO |
2012-12-24 | Name : The remote VMware ESXi host is missing one or more security-related patches. File : vmware_VMSA-2012-0018.nasl - Type : ACT_GATHER_INFO |
2012-11-19 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_glibc-8351.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-179.nasl - Type : ACT_GATHER_INFO |
2012-08-31 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0013.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111206_glibc_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120124_glibc_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120213_glibc_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120213_glibc_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-05-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-083.nasl - Type : ACT_GATHER_INFO |
2012-05-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-084.nasl - Type : ACT_GATHER_INFO |
2012-03-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1396-1.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0125.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0126.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0126.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0125.nasl - Type : ACT_GATHER_INFO |
2012-02-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2012-041-03.nasl - Type : ACT_GATHER_INFO |
2012-01-31 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0058.nasl - Type : ACT_GATHER_INFO |
2012-01-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0058.nasl - Type : ACT_GATHER_INFO |
2012-01-18 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0018.nasl - Type : ACT_GATHER_INFO |
2012-01-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-111219.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_ncpfs-110824.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-100709.nasl - Type : ACT_GATHER_INFO |
2011-12-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1526.nasl - Type : ACT_GATHER_INFO |
2011-11-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-178.nasl - Type : ACT_GATHER_INFO |
2011-10-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-148.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-100708.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-101025.nasl - Type : ACT_GATHER_INFO |
2010-11-16 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201011-01.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_glibc-101027.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_glibc-101026.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_glibc-7201.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12641.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-112.nasl - Type : ACT_GATHER_INFO |
2010-06-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2058.nasl - Type : ACT_GATHER_INFO |
2010-06-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-111.nasl - Type : ACT_GATHER_INFO |
2010-05-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-944-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:55:37 |
|
2013-05-02 21:20:22 |
|