Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2011:178 | First vendor Publication | 2011-11-25 |
Vendor | Mandriva | Last vendor Modification | 2011-11-25 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple vulnerabilities was discovered and fixed in glibc: Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has in (a) RPATH or (b) RUNPATH. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847 (CVE-2011-0536). The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a stack extension attack, a related issue to CVE-2010-2898, as originally reported for use of this library by Google Chrome (CVE-2011-1071). The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296 (CVE-2011-1089). locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function (CVE-2011-1095). Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071 (CVE-2011-1659). crypt_blowfish before 1.1, as used in glibc on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash (CVE-2011-2483). The updated packages have been patched to correct these issues. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:178 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
14 % | CWE-399 | Resource Management Errors |
14 % | CWE-310 | Cryptographic Issues |
14 % | CWE-264 | Permissions, Privileges, and Access Controls |
14 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
14 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
14 % | CWE-20 | Improper Input Validation |
14 % | CWE-16 | Configuration |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12104 | |||
Oval ID: | oval:org.mitre.oval:def:12104 | ||
Title: | Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the GNU C Library | ||
Description: | Google Chrome before 5.0.375.125 does not properly mitigate an unspecified flaw in the GNU C Library, which has unknown impact and attack vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2898 | Version: | 13 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:12272 | |||
Oval ID: | oval:org.mitre.oval:def:12272 | ||
Title: | VMSA-2011-0010 VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-1095 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:12853 | |||
Oval ID: | oval:org.mitre.oval:def:12853 | ||
Title: | VMSA-2011-0010 VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-1071 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13086 | |||
Oval ID: | oval:org.mitre.oval:def:13086 | ||
Title: | VMSA-2011-0010 VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0536 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18286 | |||
Oval ID: | oval:org.mitre.oval:def:18286 | ||
Title: | DSA-2340-1 postgresql - weak password hashing | ||
Description: | magnum discovered that the blowfish password hashing used amongst others in PostgreSQL contained a weakness that would give passwords with 8 bit characters the same hash as weaker equivalents. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2340-1 CVE-2011-2483 | Version: | 7 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 Debian GNU/Linux 5.0 | Product(s): | postgresql-8.4 postgresql-8.3 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19613 | |||
Oval ID: | oval:org.mitre.oval:def:19613 | ||
Title: | VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0536 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19654 | |||
Oval ID: | oval:org.mitre.oval:def:19654 | ||
Title: | VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has $ORIGIN in (a) RPATH or (b) RUNPATH within the program itself or a referenced library. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-0536 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19821 | |||
Oval ID: | oval:org.mitre.oval:def:19821 | ||
Title: | VMware ESX third party updates for Service Console packages glibc, sudo, and openldap | ||
Description: | elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3847 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19899 | |||
Oval ID: | oval:org.mitre.oval:def:19899 | ||
Title: | VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-1659 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20099 | |||
Oval ID: | oval:org.mitre.oval:def:20099 | ||
Title: | VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-1095 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20361 | |||
Oval ID: | oval:org.mitre.oval:def:20361 | ||
Title: | VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-1071 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20393 | |||
Oval ID: | oval:org.mitre.oval:def:20393 | ||
Title: | VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0296 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20420 | |||
Oval ID: | oval:org.mitre.oval:def:20420 | ||
Title: | VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a "stack extension attack," a related issue to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported for use of this library by Google Chrome. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-1071 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20430 | |||
Oval ID: | oval:org.mitre.oval:def:20430 | ||
Title: | VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-1659 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20507 | |||
Oval ID: | oval:org.mitre.oval:def:20507 | ||
Title: | VMware vSphere and vCOps updates to third party libraries | ||
Description: | The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-1089 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20579 | |||
Oval ID: | oval:org.mitre.oval:def:20579 | ||
Title: | USN-1229-1 -- postgresql-8.3, postgresql-8.4 vulnerability | ||
Description: | PostgreSQL incorrectly handled blowfish passwords. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1229-1 CVE-2011-2483 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 10.10 Ubuntu 10.04 Ubuntu 8.04 | Product(s): | postgresql-8.4 postgresql-8.3 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20586 | |||
Oval ID: | oval:org.mitre.oval:def:20586 | ||
Title: | VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | The encode_name macro in misc/mntent_r.c in the GNU C Library (aka glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service (mtab corruption), or possibly modify mount options and gain privileges, via a crafted mount request. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0296 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20638 | |||
Oval ID: | oval:org.mitre.oval:def:20638 | ||
Title: | VMware ESX third party updates for Service Console packages glibc and dhcp | ||
Description: | locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2011-1095 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21331 | |||
Oval ID: | oval:org.mitre.oval:def:21331 | ||
Title: | RHSA-2011:0413: glibc security update (Important) | ||
Description: | Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0413-01 CVE-2011-0536 CVE-2011-1071 CVE-2011-1095 CVE-2011-1658 CVE-2011-1659 | Version: | 68 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21873 | |||
Oval ID: | oval:org.mitre.oval:def:21873 | ||
Title: | RHSA-2011:0412: glibc security update (Important) | ||
Description: | Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0412-01 CESA-2011:0412 CVE-2010-0296 CVE-2011-0536 CVE-2011-1071 CVE-2011-1095 CVE-2011-1658 CVE-2011-1659 | Version: | 81 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22199 | |||
Oval ID: | oval:org.mitre.oval:def:22199 | ||
Title: | RHSA-2010:0787: glibc security update (Important) | ||
Description: | elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0787-01 CESA-2010:0787 CVE-2010-3847 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23012 | |||
Oval ID: | oval:org.mitre.oval:def:23012 | ||
Title: | ELSA-2010:0787: glibc security update (Important) | ||
Description: | elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0787-01 CVE-2010-3847 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23052 | |||
Oval ID: | oval:org.mitre.oval:def:23052 | ||
Title: | ELSA-2011:0412: glibc security update (Important) | ||
Description: | Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0412-01 CVE-2010-0296 CVE-2011-0536 CVE-2011-1071 CVE-2011-1095 CVE-2011-1658 CVE-2011-1659 | Version: | 29 |
Platform(s): | Oracle Linux 5 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23373 | |||
Oval ID: | oval:org.mitre.oval:def:23373 | ||
Title: | ELSA-2011:0413: glibc security update (Important) | ||
Description: | Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0413-01 CVE-2011-0536 CVE-2011-1071 CVE-2011-1095 CVE-2011-1658 CVE-2011-1659 | Version: | 25 |
Platform(s): | Oracle Linux 6 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:25868 | |||
Oval ID: | oval:org.mitre.oval:def:25868 | ||
Title: | SUSE-SU-2013:1251-1 -- Security update for glibc | ||
Description: | This collective update for the GNU C library (glibc) provides the following fixes and enhancements: Security issues fixed: * Fix stack overflow in getaddrinfo with many results. (bnc#813121, CVE-2013-1914) * Fix a different stack overflow in getaddrinfo with many results. (bnc#828637) * Fix array overflow in floating point parser [bnc#775690] (CVE-2012-3480) * Fix strtod integer/buffer overflows [bnc#775690] (CVE-2012-3480) * Add patches for fix overflows in vfprintf. [bnc #770891, CVE-2012-3405, CVE-2012-3406] * Fix buffer overflow in glob. (bnc#691365) (CVE-2010-4756) * Flush stream in addmntent, to catch errors like reached file size limits. [bnc #676178, CVE-2011-1089] Bugs fixed: * Fix locking in _IO_cleanup. (bnc#796982) * Fix resolver when first query fails, but seconds succeeds. [bnc #767266] | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:1251-1 CVE-2013-1914 CVE-2012-3480 CVE-2012-3405 CVE-2012-3406 CVE-2010-4756 CVE-2011-1089 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:26787 | |||
Oval ID: | oval:org.mitre.oval:def:26787 | ||
Title: | RHSA-2011:1526 -- glibc security, bug fix, and enhancement update (Low) | ||
Description: | The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) Red Hat would like to thank Dan Rosenberg for reporting the CVE-2011-1089 issue. This update also fixes several bugs and adds various enhancements. Documentation for these bug fixes and enhancements will be available shortly from the Technical Notes document, linked to in the References section. Users are advised to upgrade to these updated glibc packages, which contain backported patches to resolve these issues and add these enhancements. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:1526 CVE-2009-5064 CVE-2011-1089 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27432 | |||
Oval ID: | oval:org.mitre.oval:def:27432 | ||
Title: | DEPRECATED: ELSA-2011-0413 -- glibc security update (important) | ||
Description: | [2.12-1.7.el6_0.5] - Avoid too much stack use in fnmatch (#681054, CVE-2011-1071) - Properly quote output of locale (#625893, CVE-2011-1095) - Don't leave empty element in rpath when skipping the first element, ignore rpath elements containing non-isolated use of when privileged (#667974, CVE-2011-0536) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0413 CVE-2011-0536 CVE-2011-1071 CVE-2011-1095 CVE-2011-1658 CVE-2011-1659 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27665 | |||
Oval ID: | oval:org.mitre.oval:def:27665 | ||
Title: | DEPRECATED: ELSA-2010-0787 -- glibc security update (important) | ||
Description: | [2.5-49.el5_5.6] - Never expand in privileged programs (#643818, CVE-2010-3847) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0787 CVE-2010-3847 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27918 | |||
Oval ID: | oval:org.mitre.oval:def:27918 | ||
Title: | DEPRECATED: ELSA-2011-0412 -- glibc security update (important) | ||
Description: | [2.5-58.el5_6.2] - Avoid too much stack use in fnmatch (#681054, CVE-2011-1071) - Properly quote output of locale (#625893, CVE-2011-1095) - Don't leave empty element in rpath when skipping the first element, ignore rpath elements containing non-isolated use of when privileged (#667974, CVE-2011-0536) - Fix handling of newline in addmntent (#559579, CVE-2010-0296) [2.5-58.el5_6.1] - Don't ignore in libraries (#682991) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0412 CVE-2010-0296 CVE-2011-0536 CVE-2011-1071 CVE-2011-1095 CVE-2011-1658 CVE-2011-1659 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28049 | |||
Oval ID: | oval:org.mitre.oval:def:28049 | ||
Title: | ELSA-2011-1526 -- glibc security, bug fix, and enhancement update (low) | ||
Description: | A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-1526 CVE-2009-5064 CVE-2011-1089 | Version: | 3 |
Platform(s): | Oracle Linux 6 | Product(s): | glibc |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2010-10-22 | GNU C library dynamic linker LD_AUDIT arbitrary DSO load Vulnerability |
2010-10-18 | GNU C library dynamic linker $ORIGIN expansion Vulnerability |
OpenVAS Exploits
Date | Description |
---|---|
2012-12-27 | Name : VMSA-2012-0018: VMware security updates for vCSA and ESXi File : nvt/gb_VMSA-2012-0018.nasl |
2012-09-10 | Name : Slackware Advisory SSA:2011-237-01 php File : nvt/esoft_slk_ssa_2011_237_01.nasl |
2012-08-31 | Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries. File : nvt/gb_VMSA-2012-0013.nasl |
2012-08-03 | Name : Mandriva Update for ncpfs MDVSA-2012:084 (ncpfs) File : nvt/gb_mandriva_MDVSA_2012_084.nasl |
2012-08-03 | Name : Mandriva Update for util-linux MDVSA-2012:083 (util-linux) File : nvt/gb_mandriva_MDVSA_2012_083.nasl |
2012-07-30 | Name : CentOS Update for glibc CESA-2012:0126 centos5 File : nvt/gb_CESA-2012_0126_glibc_centos5.nasl |
2012-07-30 | Name : CentOS Update for glibc CESA-2012:0125 centos4 File : nvt/gb_CESA-2012_0125_glibc_centos4.nasl |
2012-07-30 | Name : CentOS Update for glibc CESA-2011:0412 centos5 x86_64 File : nvt/gb_CESA-2011_0412_glibc_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for php53 CESA-2011:1423 centos5 x86_64 File : nvt/gb_CESA-2011_1423_php53_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for postgresql CESA-2011:1377 centos4 x86_64 File : nvt/gb_CESA-2011_1377_postgresql_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for postgresql CESA-2011:1377 centos5 x86_64 File : nvt/gb_CESA-2011_1377_postgresql_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for postgresql84 CESA-2011:1378 centos5 x86_64 File : nvt/gb_CESA-2011_1378_postgresql84_centos5_x86_64.nasl |
2012-07-09 | Name : RedHat Update for glibc RHSA-2011:1526-03 File : nvt/gb_RHSA-2011_1526-03_glibc.nasl |
2012-06-06 | Name : RedHat Update for glibc RHSA-2011:0413-01 File : nvt/gb_RHSA-2011_0413-01_glibc.nasl |
2012-04-02 | Name : Fedora Update for maniadrive FEDORA-2011-11464 File : nvt/gb_fedora_2011_11464_maniadrive_fc16.nasl |
2012-03-19 | Name : Fedora Update for php-eaccelerator FEDORA-2011-11464 File : nvt/gb_fedora_2011_11464_php-eaccelerator_fc16.nasl |
2012-03-19 | Name : Fedora Update for php FEDORA-2011-11464 File : nvt/gb_fedora_2011_11464_php_fc16.nasl |
2012-03-16 | Name : VMSA-2011-0012.3 VMware ESXi and ESX updates to third party libraries and ESX... File : nvt/gb_VMSA-2011-0012.nasl |
2012-03-12 | Name : Ubuntu Update for eglibc USN-1396-1 File : nvt/gb_ubuntu_USN_1396_1.nasl |
2012-02-21 | Name : RedHat Update for glibc RHSA-2012:0125-01 File : nvt/gb_RHSA-2012_0125-01_glibc.nasl |
2012-02-21 | Name : RedHat Update for glibc RHSA-2012:0126-01 File : nvt/gb_RHSA-2012_0126-01_glibc.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-06 (php) File : nvt/glsa_201110_06.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-22 (postgresql-server postgresql-base) File : nvt/glsa_201110_22.nasl |
2012-02-12 | Name : Debian Security Advisory DSA 2399-2 (php5) File : nvt/deb_2399_2.nasl |
2012-02-12 | Name : Debian Security Advisory DSA 2399-1 (php5) File : nvt/deb_2399_1.nasl |
2012-02-06 | Name : Mac OS X Multiple Vulnerabilities (2012-001) File : nvt/gb_macosx_su12-001.nasl |
2011-12-23 | Name : Mandriva Update for php-suhosin MDVSA-2011:180 (php-suhosin) File : nvt/gb_mandriva_MDVSA_2011_180.nasl |
2011-11-28 | Name : Mandriva Update for glibc MDVSA-2011:178 (glibc) File : nvt/gb_mandriva_MDVSA_2011_178.nasl |
2011-11-11 | Name : CentOS Update for postgresql CESA-2011:1377 centos4 i386 File : nvt/gb_CESA-2011_1377_postgresql_centos4_i386.nasl |
2011-11-08 | Name : Mandriva Update for php MDVSA-2011:165 (php) File : nvt/gb_mandriva_MDVSA_2011_165.nasl |
2011-11-03 | Name : CentOS Update for php53 CESA-2011:1423 centos5 i386 File : nvt/gb_CESA-2011_1423_php53_centos5_i386.nasl |
2011-11-03 | Name : RedHat Update for php53 and php RHSA-2011:1423-01 File : nvt/gb_RHSA-2011_1423-01_php53_and_php.nasl |
2011-10-31 | Name : Mandriva Update for postgresql MDVSA-2011:161 (postgresql) File : nvt/gb_mandriva_MDVSA_2011_161.nasl |
2011-10-21 | Name : Ubuntu Update for php5 USN-1231-1 File : nvt/gb_ubuntu_USN_1231_1.nasl |
2011-10-21 | Name : RedHat Update for postgresql84 RHSA-2011:1378-01 File : nvt/gb_RHSA-2011_1378-01_postgresql84.nasl |
2011-10-21 | Name : RedHat Update for postgresql RHSA-2011:1377-01 File : nvt/gb_RHSA-2011_1377-01_postgresql.nasl |
2011-10-21 | Name : CentOS Update for postgresql84 CESA-2011:1378 centos5 i386 File : nvt/gb_CESA-2011_1378_postgresql84_centos5_i386.nasl |
2011-10-21 | Name : CentOS Update for postgresql CESA-2011:1377 centos5 i386 File : nvt/gb_CESA-2011_1377_postgresql_centos5_i386.nasl |
2011-10-14 | Name : Mandriva Update for samba MDVSA-2011:148 (samba) File : nvt/gb_mandriva_MDVSA_2011_148.nasl |
2011-10-14 | Name : Ubuntu Update for postgresql-8.4 USN-1229-1 File : nvt/gb_ubuntu_USN_1229_1.nasl |
2011-09-21 | Name : FreeBSD Ports: php5, php5-sockets File : nvt/freebsd_php513.nasl |
2011-09-20 | Name : Fedora Update for maniadrive FEDORA-2011-11528 File : nvt/gb_fedora_2011_11528_maniadrive_fc15.nasl |
2011-09-20 | Name : Fedora Update for php-eaccelerator FEDORA-2011-11528 File : nvt/gb_fedora_2011_11528_php-eaccelerator_fc15.nasl |
2011-09-20 | Name : Fedora Update for php FEDORA-2011-11528 File : nvt/gb_fedora_2011_11528_php_fc15.nasl |
2011-09-20 | Name : Fedora Update for maniadrive FEDORA-2011-11537 File : nvt/gb_fedora_2011_11537_maniadrive_fc14.nasl |
2011-09-20 | Name : Fedora Update for php-eaccelerator FEDORA-2011-11537 File : nvt/gb_fedora_2011_11537_php-eaccelerator_fc14.nasl |
2011-09-20 | Name : Fedora Update for php FEDORA-2011-11537 File : nvt/gb_fedora_2011_11537_php_fc14.nasl |
2011-09-07 | Name : PHP Multiple Vulnerabilities (Windows) - Sep 2011 File : nvt/gb_php_mult_vuln_win_sep11.nasl |
2011-08-29 | Name : PHP Versions Prior to 5.3.7 Multiple Security Vulnerabilities File : nvt/gb_php_49241.nasl |
2011-08-27 | Name : SuSE Update for glibc,pam-modules,libxcrypt,pwdutils SUSE-SA:2011:035 File : nvt/gb_suse_2011_035.nasl |
2011-08-09 | Name : CentOS Update for glibc CESA-2011:0412 centos5 i386 File : nvt/gb_CESA-2011_0412_glibc_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for glibc CESA-2010:0787 centos5 i386 File : nvt/gb_CESA-2010_0787_glibc_centos5_i386.nasl |
2011-04-06 | Name : RedHat Update for glibc RHSA-2011:0412-01 File : nvt/gb_RHSA-2011_0412-01_glibc.nasl |
2011-03-09 | Name : Gentoo Security Advisory GLSA 201011-01 (glibc) File : nvt/glsa_201011_01.nasl |
2011-03-07 | Name : Debian Security Advisory DSA 2122-2 (glibc) File : nvt/deb_2122_2.nasl |
2011-01-14 | Name : Ubuntu Update for eglibc, glibc vulnerability USN-1009-2 File : nvt/gb_ubuntu_USN_1009_2.nasl |
2010-12-02 | Name : Fedora Update for glibc FEDORA-2010-16308 File : nvt/gb_fedora_2010_16308_glibc_fc14.nasl |
2010-11-17 | Name : Debian Security Advisory DSA 2122-1 (glibc) File : nvt/deb_2122_1.nasl |
2010-11-16 | Name : Fedora Update for glibc FEDORA-2010-16641 File : nvt/gb_fedora_2010_16641_glibc_fc12.nasl |
2010-11-16 | Name : SuSE Update for glibc SUSE-SA:2010:052 File : nvt/gb_suse_2010_052.nasl |
2010-11-04 | Name : Fedora Update for glibc FEDORA-2010-16655 File : nvt/gb_fedora_2010_16655_glibc_fc13.nasl |
2010-10-26 | Name : Ubuntu Update for glibc, eglibc vulnerabilities USN-1009-1 File : nvt/gb_ubuntu_USN_1009_1.nasl |
2010-10-26 | Name : Fedora Update for glibc FEDORA-2010-16594 File : nvt/gb_fedora_2010_16594_glibc_fc13.nasl |
2010-10-22 | Name : Mandriva Update for glibc MDVSA-2010:207 (glibc) File : nvt/gb_mandriva_MDVSA_2010_207.nasl |
2010-10-22 | Name : RedHat Update for glibc RHSA-2010:0787-01 File : nvt/gb_RHSA-2010_0787-01_glibc.nasl |
2010-08-02 | Name : Google Chrome Multiple Unspecified Vulnerabilities - July 10 File : nvt/secpod_google_chrome_mult_unspecified_vuln_jul10.nasl |
2010-06-11 | Name : Mandriva Update for glibc MDVSA-2010:112 (glibc) File : nvt/gb_mandriva_MDVSA_2010_112.nasl |
2010-06-11 | Name : Mandriva Update for glibc MDVSA-2010:111 (glibc) File : nvt/gb_mandriva_MDVSA_2010_111.nasl |
2010-06-10 | Name : Debian Security Advisory DSA 2058-1 (glibc, eglibc) File : nvt/deb_2058_1.nasl |
2010-05-28 | Name : Ubuntu Update for glibc, eglibc vulnerabilities USN-944-1 File : nvt/gb_ubuntu_USN_944_1.nasl |
2010-04-06 | Name : Mandriva Update for kdebase4-workspace MDVA-2010:112 (kdebase4-workspace) File : nvt/gb_mandriva_MDVA_2010_112.nasl |
2010-04-06 | Name : Mandriva Update for initscripts MDVA-2010:111 (initscripts) File : nvt/gb_mandriva_MDVA_2010_111.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-295-01 glibc File : nvt/esoft_slk_ssa_2010_295_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
74883 | GNU C Library addmntent Function mtab Write RLIMIT_FSIZE Value Handling Local... |
74742 | PHP crypt_blowfish 8-bit Character Password Hash Cleartext Password Disclosure |
73407 | GNU C Library locale/programs/locale.c Output Quoting Localization Environmen... |
72796 | GNU C Library fnmatch() Function UTF8 String Handling Stack Corruption A memory corruption flaw exists in glibc. fnmatch() fails to sanitize user-supplied UTF8 strings resulting in memory corruption, allowing a context-dependent attacker to execute arbitrary code. |
72100 | GNU C Library posix/fnmatch.c fnmatch() Function Overflow DoS |
68721 | GNU C Library Dynamic Linker $ORIGIN Substitution Expansion Weakness Local Pr... The weakness is caused due to dynamic linker expanding the "$ORIGIN" substitution for privileged applications, which can be exploited to gain escalated privileges by e.g. hard linking to a setuid application and forcing the expansion of "$ORIGIN" via "LD_AUDIT". |
66751 | Google Chrome GNU C Library Flaw Mitigation Weakness Unspecified Issue |
65078 | GNU C Library misc/mntent_r.c encode_name Macro Crafted Mount Request Local DoS |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-09-27 | IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity : Category I - VMSKEY : V0033884 |
2012-09-13 | IAVM : 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity : Category I - VMSKEY : V0033794 |
2011-10-27 | IAVM : 2011-A-0147 - Multiple Vulnerabilities in VMware ESX and ESXi Severity : Category I - VMSKEY : V0030545 |
2011-08-04 | IAVM : 2011-A-0108 - Multiple Vulnerabilities in VMware ESX Service Console Severity : Category I - VMSKEY : V0029562 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-08-19 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL09408132.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2011-0001_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2011-0010_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0012_remote.nasl - Type : ACT_GATHER_INFO |
2016-02-29 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2012-0013_remote.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2012-1336-1.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2012-1488-1.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-1251-1.nasl - Type : ACT_GATHER_INFO |
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-1287-1.nasl - Type : ACT_GATHER_INFO |
2015-02-02 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2015-0023.nasl - Type : ACT_GATHER_INFO |
2014-11-28 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL15885.nasl - Type : ACT_GATHER_INFO |
2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0168.nasl - Type : ACT_GATHER_INFO |
2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2011-7.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL13519.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-214.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-849.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_apache2-mod_php5-110907.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_glibc-101027.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_glibc-110729.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libxcrypt-110824.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_man-pages-110823.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_ncpfs-110824.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_yast2-core-110822.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_apache2-mod_php5-110907.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_glibc-110729.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libxcrypt-110824.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_man-pages-110823.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_ncpfs-110824.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_yast2-core-110822.nasl - Type : ACT_GATHER_INFO |
2013-12-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201312-01.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_0_build_515841_remote.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities. File : vmware_esxi_5_0_build_912577_remote.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote VMware ESXi 5.1 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_1_build_1063671_remote.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2011-07.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2011-12.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0787.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0872.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0412.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0413.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1377.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1378.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1423.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0125.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0126.nasl - Type : ACT_GATHER_INFO |
2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-048.nasl - Type : ACT_GATHER_INFO |
2012-12-24 | Name : The remote VMware ESXi host is missing one or more security-related patches. File : vmware_VMSA-2012-0018.nasl - Type : ACT_GATHER_INFO |
2012-11-19 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_glibc-8351.nasl - Type : ACT_GATHER_INFO |
2012-10-15 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_postgresql-8311.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-179.nasl - Type : ACT_GATHER_INFO |
2012-08-31 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0013.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101020_glibc_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101110_glibc_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110404_glibc_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111017_postgresql84_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111017_postgresql_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111102_php53_and_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111206_glibc_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120213_glibc_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120213_glibc_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-05-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-083.nasl - Type : ACT_GATHER_INFO |
2012-05-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-084.nasl - Type : ACT_GATHER_INFO |
2012-04-20 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_0_0_24.nasl - Type : ACT_GATHER_INFO |
2012-04-03 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_glibc-blowfish-7663.nasl - Type : ACT_GATHER_INFO |
2012-03-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1396-1.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0125.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0126.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0125.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0126.nasl - Type : ACT_GATHER_INFO |
2012-02-06 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-blowfish-110729.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote host is missing a Mac OS X update that fixes several security vuln... File : macosx_10_7_3.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-001.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2399.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-100709.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-110517.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_ncpfs-110824.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_glibc-7574.nasl - Type : ACT_GATHER_INFO |
2011-12-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1526.nasl - Type : ACT_GATHER_INFO |
2011-11-29 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2011-180.nasl - Type : ACT_GATHER_INFO |
2011-11-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-178.nasl - Type : ACT_GATHER_INFO |
2011-11-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2340.nasl - Type : ACT_GATHER_INFO |
2011-11-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-165.nasl - Type : ACT_GATHER_INFO |
2011-11-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1423.nasl - Type : ACT_GATHER_INFO |
2011-11-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1423.nasl - Type : ACT_GATHER_INFO |
2011-10-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-22.nasl - Type : ACT_GATHER_INFO |
2011-10-25 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-161.nasl - Type : ACT_GATHER_INFO |
2011-10-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1377.nasl - Type : ACT_GATHER_INFO |
2011-10-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1378.nasl - Type : ACT_GATHER_INFO |
2011-10-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1231-1.nasl - Type : ACT_GATHER_INFO |
2011-10-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1377.nasl - Type : ACT_GATHER_INFO |
2011-10-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1378.nasl - Type : ACT_GATHER_INFO |
2011-10-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1229-1.nasl - Type : ACT_GATHER_INFO |
2011-10-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0012.nasl - Type : ACT_GATHER_INFO |
2011-10-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-06.nasl - Type : ACT_GATHER_INFO |
2011-10-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-148.nasl - Type : ACT_GATHER_INFO |
2011-09-19 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-11528.nasl - Type : ACT_GATHER_INFO |
2011-09-19 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-11537.nasl - Type : ACT_GATHER_INFO |
2011-09-12 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-11464.nasl - Type : ACT_GATHER_INFO |
2011-09-01 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_yast2-core-110830.nasl - Type : ACT_GATHER_INFO |
2011-08-31 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libxcrypt-110824.nasl - Type : ACT_GATHER_INFO |
2011-08-31 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_man-pages-110825.nasl - Type : ACT_GATHER_INFO |
2011-08-26 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2011-237-01.nasl - Type : ACT_GATHER_INFO |
2011-08-22 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_3_7.nasl - Type : ACT_GATHER_INFO |
2011-08-20 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_057bf770cac411e0aea300215c6a37bb.nasl - Type : ACT_GATHER_INFO |
2011-08-20 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12813.nasl - Type : ACT_GATHER_INFO |
2011-08-20 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_glibc-7659.nasl - Type : ACT_GATHER_INFO |
2011-08-01 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2011-0010.nasl - Type : ACT_GATHER_INFO |
2011-06-28 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12775.nasl - Type : ACT_GATHER_INFO |
2011-06-28 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-110516.nasl - Type : ACT_GATHER_INFO |
2011-06-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_glibc-7575.nasl - Type : ACT_GATHER_INFO |
2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0412.nasl - Type : ACT_GATHER_INFO |
2011-04-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0412.nasl - Type : ACT_GATHER_INFO |
2011-04-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0413.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-100708.nasl - Type : ACT_GATHER_INFO |
2011-01-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1009-2.nasl - Type : ACT_GATHER_INFO |
2011-01-06 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2011-0001.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-101025.nasl - Type : ACT_GATHER_INFO |
2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0787.nasl - Type : ACT_GATHER_INFO |
2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0872.nasl - Type : ACT_GATHER_INFO |
2010-11-16 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201011-01.nasl - Type : ACT_GATHER_INFO |
2010-11-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16641.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_glibc-101026.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_glibc-101027.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_glibc-7201.nasl - Type : ACT_GATHER_INFO |
2010-10-24 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-295-01.nasl - Type : ACT_GATHER_INFO |
2010-10-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2122.nasl - Type : ACT_GATHER_INFO |
2010-10-24 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16594.nasl - Type : ACT_GATHER_INFO |
2010-10-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1009-1.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-207.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0787.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16308.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12641.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-112.nasl - Type : ACT_GATHER_INFO |
2010-07-27 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_5_0_375_125.nasl - Type : ACT_GATHER_INFO |
2010-06-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2058.nasl - Type : ACT_GATHER_INFO |
2010-06-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-111.nasl - Type : ACT_GATHER_INFO |
2010-05-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-944-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:42:35 |
|
2013-05-11 00:48:42 |
|