Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name MDVSA-2015:168 First vendor Publication 2015-03-30
Vendor Mandriva Last vendor Modification 2015-03-30
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Updated glibc packages fix security vulnerabilities:

Stephane Chazelas discovered that directory traversal issue in locale handling in glibc. glibc accepts relative paths with .. components in the LC_* and LANG variables. Together with typical OpenSSH configurations (with suitable AcceptEnv settings in sshd_config), this could conceivably be used to bypass ForceCommand restrictions (or restricted shells), assuming the attacker has sufficient level of access to a file system location on the host to create crafted locale definitions there (CVE-2014-0475).

David Reid, Glyph Lefkowitz, and Alex Gaynor discovered a bug where posix_spawn_file_actions_addopen fails to copy the path argument (glibc bz #17048) which can, in conjunction with many common memory management techniques from an application, lead to a use after free, or other vulnerabilities (CVE-2014-4043).

This update also fixes the following issues: x86: Disable x87 inline functions for SSE2 math (glibc bz #16510) malloc: Fix race in free() of fastbin chunk (glibc bz #15073)

Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve arbitrary code execution.

This update removes support of loadable gconv transliteration modules. Besides the security vulnerability, the module loading code had functionality defects which prevented it from working for the intended purpose (CVE-2014-5119).

Adhemerval Zanella Netto discovered out-of-bounds reads in additional code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364) that can be used to crash the systems, causing a denial of service conditions (CVE-2014-6040).

The function wordexp() fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of "$((... ))" where "..." can be anything valid. The backticks in the arithmetic epxression are evaluated by in a shell even if WRDE_NOCMD forbade command substitution. This allows an attacker to attempt to pass dangerous commands via constructs of the above form, and bypass the WRDE_NOCMD flag. This update fixes the issue (CVE-2014-7817).

The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not properly restrict the use of the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers (CVE-2012-3406).

The nss_dns implementation of getnetbyname could run into an infinite loop if the DNS response contained a PTR record of an unexpected format (CVE-2014-9402).

Also glibc lock elision (new feature in glibc 2.18) has been disabled as it can break glibc at runtime on newer Intel hardware (due to hardware bug)

Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer (CVE-2015-1472).

The incorrect use of "__libc_use_alloca (newsize)" caused a different (and weaker) policy to be enforced which could allow a denial of service attack (CVE-2015-1473).

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:168

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
11 % CWE-399 Resource Management Errors
11 % CWE-264 Permissions, Privileges, and Access Controls
11 % CWE-189 Numeric Errors (CWE/SANS Top 25)
11 % CWE-94 Failure to Control Generation of Code ('Code Injection')
11 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)
11 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21252
 
Oval ID: oval:org.mitre.oval:def:21252
Title: RHSA-2012:1098: glibc security and bug fix update (Moderate)
Description: The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
Family: unix Class: patch
Reference(s): RHSA-2012:1098-01
CESA-2012:1098
CVE-2012-3404
CVE-2012-3405
CVE-2012-3406
Version: 28
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): glibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21515
 
Oval ID: oval:org.mitre.oval:def:21515
Title: RHSA-2012:1097: glibc security and bug fix update (Moderate)
Description: The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
Family: unix Class: patch
Reference(s): RHSA-2012:1097-00
CESA-2012:1097
CVE-2012-3406
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): glibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22825
 
Oval ID: oval:org.mitre.oval:def:22825
Title: ELSA-2012:1097: glibc security and bug fix update (Moderate)
Description: The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
Family: unix Class: patch
Reference(s): ELSA-2012:1097-00
CVE-2012-3406
Version: 6
Platform(s): Oracle Linux 5
Product(s): glibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23014
 
Oval ID: oval:org.mitre.oval:def:23014
Title: ELSA-2012:1098: glibc security and bug fix update (Moderate)
Description: The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
Family: unix Class: patch
Reference(s): ELSA-2012:1098-01
CVE-2012-3404
CVE-2012-3405
CVE-2012-3406
Version: 17
Platform(s): Oracle Linux 6
Product(s): glibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24848
 
Oval ID: oval:org.mitre.oval:def:24848
Title: DSA-2976-1 -- eglibc - security update
Description: Stephane Chazelas discovered that the GNU C library, glibc, processed ".." path segments in locale-related environment variables, possibly allowing attackers to circumvent intended restrictions, such as ForceCommand in OpenSSH, assuming that they can supply crafted locale settings.
Family: unix Class: patch
Reference(s): DSA-2976-1
CVE-2014-0475
Version: 5
Platform(s): Debian GNU/Linux 7
Debian GNU/kFreeBSD 7
Product(s): eglibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25541
 
Oval ID: oval:org.mitre.oval:def:25541
Title: SUSE-SU-2014:0920-1 -- Security update for glibc
Description: glibc has been updated to fix one security issue that could have resulted in free-after-use situations.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0920-1
CVE-2014-4043
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): glibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25837
 
Oval ID: oval:org.mitre.oval:def:25837
Title: USN-2328-1 -- eglibc vulnerability
Description: Certain applications could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2328-1
CVE-2014-5119
CVE-2014-0475
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04
Product(s): eglibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26211
 
Oval ID: oval:org.mitre.oval:def:26211
Title: USN-2306-1 -- eglibc vulnerabilities
Description: Several security issues were fixed in the GNU C Library.
Family: unix Class: patch
Reference(s): USN-2306-1
CVE-2013-4357
CVE-2013-4458
CVE-2014-0475
CVE-2014-4043
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04
Product(s): eglibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26388
 
Oval ID: oval:org.mitre.oval:def:26388
Title: RHSA-2014:1110: glibc security update (Important)
Description: The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.
Family: unix Class: patch
Reference(s): RHSA-2014:1110-00
CESA-2014:1110
CVE-2014-0475
CVE-2014-5119
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
CentOS Linux 5
CentOS Linux 6
CentOS Linux 7
Product(s): glibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26402
 
Oval ID: oval:org.mitre.oval:def:26402
Title: USN-2306-2 -- eglibc regression
Description: USN-2306-1 introduced a regression in the GNU C Library.
Family: unix Class: patch
Reference(s): USN-2306-2
CVE-2013-4357
CVE-2013-4458
CVE-2014-0475
CVE-2014-4043
Version: 3
Platform(s): Ubuntu 10.04
Product(s): eglibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26688
 
Oval ID: oval:org.mitre.oval:def:26688
Title: DSA-3012-1 eglibc - security update
Description: Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian's version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve arbitrary code execution.
Family: unix Class: patch
Reference(s): DSA-3012-1
CVE-2014-5119
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): eglibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26728
 
Oval ID: oval:org.mitre.oval:def:26728
Title: USN-2306-3 -- eglibc regression
Description: USN-2306-1 introduced a regression in the GNU C Library.
Family: unix Class: patch
Reference(s): USN-2306-3
CVE-2013-4357
CVE-2013-4458
CVE-2014-0475
CVE-2014-4043
Version: 3
Platform(s): Ubuntu 10.04
Product(s): eglibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26789
 
Oval ID: oval:org.mitre.oval:def:26789
Title: SUSE-SU-2014:1125-1 -- Security update for glibc
Description: This glibc update fixes a critical privilege escalation problem and two non-security issues: * bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) * bnc#892065: setenv-alloca.patch: Avoid unbound alloca in setenv. * bnc#888347: printf-multibyte-format.patch: Don't parse %s format argument as multi-byte string. Security Issues: * CVE-2014-5119 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1125-1
CVE-2014-5119
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): glibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26792
 
Oval ID: oval:org.mitre.oval:def:26792
Title: SUSE-SU-2014:1027-1 -- Security update for glibc
Description: This glibc update contains one security and two non security fixes.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1027-1
CVE-2014-0475
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): glibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26797
 
Oval ID: oval:org.mitre.oval:def:26797
Title: SUSE-SU-2014:1213-1 -- Security update for bash
Description: ash has been updated to fix a critical security issue. In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash scripts. (CVE-2014-6271) Security Issues: * CVE-2014-6271 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1213-1
CVE-2014-6271
CVE-2014-0475
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 11
Product(s): bash
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26821
 
Oval ID: oval:org.mitre.oval:def:26821
Title: SUSE-SU-2014:1214-1 -- Security update for bash
Description: ash has been updated to fix a critical security issue. In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash scripts. (CVE-2014-6271) Additionally, the following bugs have been fixed: * Avoid possible buffer overflow when expanding the /dev/fd prefix with e.g. the test built-in. (CVE-2012-3410) * Enable workaround for changed behavior of sshd. (bnc#688469) Security Issues: * CVE-2014-6271 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271> * CVE-2012-3410 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3410>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1214-1
CVE-2014-6271
CVE-2012-3410
CVE-2014-0475
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): bash
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26978
 
Oval ID: oval:org.mitre.oval:def:26978
Title: DEPRECATED: SUSE-SU-2014:1027-1 -- Security update for glibc
Description: This glibc update contains one security and two non security fixes.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1027-1
CVE-2014-0475
Version: 4
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): glibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27192
 
Oval ID: oval:org.mitre.oval:def:27192
Title: ELSA-2014-1110 -- glibc security update (important)
Description: An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-5119) A directory traveral flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-0475)
Family: unix Class: patch
Reference(s): ELSA-2014-1110
CVE-2014-0475
CVE-2014-5119
Version: 3
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): glibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27827
 
Oval ID: oval:org.mitre.oval:def:27827
Title: DEPRECATED: ELSA-2012-1098 -- glibc security and bug fix update (moderate)
Description: [2.12-1.80.el6_3.3] - Fix incorrect/corrupt patchfile for 833716. Did not affect generated code, but tests were missing (#833716). [2.12-1.80.el6_3.2] - Fix regression after patch for BZ804630 (#837026). [2.12-1.80.el6_3.1] - Fixes an unbound alloca and related problems. (#833716)
Family: unix Class: patch
Reference(s): ELSA-2012-1098
CVE-2012-3404
CVE-2012-3405
CVE-2012-3406
Version: 4
Platform(s): Oracle Linux 6
Product(s): glibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27845
 
Oval ID: oval:org.mitre.oval:def:27845
Title: DEPRECATED: ELSA-2012-1097 -- glibc security and bug fix update (moderate)
Description: [2.5-81.el5_8.4] - Fix iconv() segfault if the invalid multibyte character 0xffff is input when converting from IBM930 (#837896) [2.5-81.el5_8.3] - Fix unbound alloca in vfprintf (#833720)
Family: unix Class: patch
Reference(s): ELSA-2012-1097
CVE-2012-3406
Version: 4
Platform(s): Oracle Linux 5
Product(s): glibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28047
 
Oval ID: oval:org.mitre.oval:def:28047
Title: USN-2432-1 -- GNU C Library vulnerabilities
Description: Siddhesh Poyarekar discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could possibly use this issue to cause applications to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2012-6656">CVE-2012-6656</a>) Adhemerval Zanella Netto discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could possibly use this issue to cause applications to crash, resulting in a denial of service. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-6040">CVE-2014-6040</a>) Tim Waugh discovered that the GNU C Library incorrectly enforced the WRDE_NOCMD flag when handling the wordexp function. An attacker could possibly use this issue to execute arbitrary commands. (<a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-7817">CVE-2014-7817</a>)
Family: unix Class: patch
Reference(s): USN-2432-1
CVE-2012-6656
CVE-2014-6040
CVE-2014-7817
Version: 5
Platform(s): Ubuntu 14.10
Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04
Product(s): eglibc
glibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28088
 
Oval ID: oval:org.mitre.oval:def:28088
Title: ELSA-2014-2023 -- glibc security and bug fix update (moderate)
Description: [2.17-55.0.4.el7_0.3] - Remove strstr and strcasestr implementations using sse4.2 instructions. - Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and 1818483b15d22016b0eae41d37ee91cc87b37510 backported. (Jose E. Marchesi) [2.17-55.3] - Fix wordexp() to honour WRDE_NOCMD (CVE-2014-7817, #1170118) [2.17-55.2] - ftell: seek to end only when there are unflushed bytes (#1170187). [2.17-55.1] - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,
Family: unix Class: patch
Reference(s): ELSA-2014-2023
CVE-2014-7817
Version: 3
Platform(s): Oracle Linux 7
Product(s): glibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28439
 
Oval ID: oval:org.mitre.oval:def:28439
Title: RHSA-2014:2023 -- glibc security and bug fix update (Moderate)
Description: The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that the wordexp() function would perform command substitution even when the WRDE_NOCMD flag was specified. An attacker able to provide specially crafted input to an application using the wordexp() function, and not sanitizing the input correctly, could potentially use this flaw to execute arbitrary commands with the credentials of the user running that application. (CVE-2014-7817) This issue was discovered by Tim Waugh of the Red Hat Developer Experience Team. This update also fixes the following bug: * Prior to this update, if a file stream that was opened in append mode and its underlying file descriptor were used at the same time and the file was truncated using the ftruncate() function on the file descriptor, a subsequent ftell() call on the stream incorrectly modified the file offset by seeking to the new end of the file. This update ensures that ftell() modifies the state of the file stream only when it is in append mode and its buffer is not empty. As a result, the described incorrect changes to the file offset no longer occur. (BZ#1170187) All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
Family: unix Class: patch
Reference(s): RHSA-2014:2023
CESA-2014:2023
CVE-2014-7817
Version: 3
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): glibc
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 116
Application 1
Os 9
Os 1
Os 2
Os 2

ExploitDB Exploits

id Description
2014-08-27 glibc Off-by-One NUL Byte gconv_translit_find Exploit

OpenVAS Exploits

Date Description
2012-12-27 Name : VMSA-2012-0018: VMware security updates for vCSA and ESXi
File : nvt/gb_VMSA-2012-0018.nasl
2012-12-18 Name : Ubuntu Update for glibc USN-1589-2
File : nvt/gb_ubuntu_USN_1589_2.nasl
2012-10-03 Name : Ubuntu Update for eglibc USN-1589-1
File : nvt/gb_ubuntu_USN_1589_1.nasl
2012-08-30 Name : Fedora Update for glibc FEDORA-2012-11508
File : nvt/gb_fedora_2012_11508_glibc_fc17.nasl
2012-07-30 Name : CentOS Update for glibc CESA-2012:1097 centos5
File : nvt/gb_CESA-2012_1097_glibc_centos5.nasl
2012-07-30 Name : CentOS Update for glibc CESA-2012:1098 centos6
File : nvt/gb_CESA-2012_1098_glibc_centos6.nasl
2012-07-19 Name : RedHat Update for glibc RHSA-2012:1097-01
File : nvt/gb_RHSA-2012_1097-01_glibc.nasl
2012-07-19 Name : RedHat Update for glibc RHSA-2012:1098-01
File : nvt/gb_RHSA-2012_1098-01_glibc.nasl

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-02-12 IAVM : 2015-A-0038 - Multiple Vulnerabilities in GNU C Library (glibc)
Severity : Category I - VMSKEY : V0058753
2015-01-22 IAVM : 2015-B-0007 - Multiple Vulnerabilities in Juniper Secure Analytics (JSA) and Security Threa...
Severity : Category I - VMSKEY : V0058213

Nessus® Vulnerability Scanner

Date Description
2018-12-18 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16365.nasl - Type : ACT_GATHER_INFO
2018-10-26 Name : The remote EulerOS Virtualization host is missing multiple security updates.
File : EulerOS_SA-2018-1344.nasl - Type : ACT_GATHER_INFO
2018-09-18 Name : The remote EulerOS Virtualization host is missing a security update.
File : EulerOS_SA-2018-1272.nasl - Type : ACT_GATHER_INFO
2018-05-11 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1017.nasl - Type : ACT_GATHER_INFO
2018-04-27 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2018-0805.nasl - Type : ACT_GATHER_INFO
2017-08-08 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1146.nasl - Type : ACT_GATHER_INFO
2017-08-08 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1147.nasl - Type : ACT_GATHER_INFO
2016-02-19 Name : The remote Red Hat host is potentially affected by a denial of service vulner...
File : redhat-CVE-2014-9402.nasl - Type : ACT_GATHER_INFO
2016-02-18 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201602-02.nasl - Type : ACT_GATHER_INFO
2016-02-17 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2016-0013.nasl - Type : ACT_GATHER_INFO
2016-02-04 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-2589.nasl - Type : ACT_GATHER_INFO
2015-12-22 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20151119_glibc_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-12-15 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-617.nasl - Type : ACT_GATHER_INFO
2015-12-02 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-2199.nasl - Type : ACT_GATHER_INFO
2015-11-30 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-2199.nasl - Type : ACT_GATHER_INFO
2015-11-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-2199.nasl - Type : ACT_GATHER_INFO
2015-09-18 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16010.nasl - Type : ACT_GATHER_INFO
2015-09-17 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16435.nasl - Type : ACT_GATHER_INFO
2015-08-17 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-544.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2012-1488-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2013-1251-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1119-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1122-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1128-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1129-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0164-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0167-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0170-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0526-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0550-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0551-1.nasl - Type : ACT_GATHER_INFO
2015-04-06 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL16364.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-168.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-122.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-165.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-43.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-97.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150305_glibc_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-03-25 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-495.nasl - Type : ACT_GATHER_INFO
2015-03-18 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0327.nasl - Type : ACT_GATHER_INFO
2015-03-10 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0327.nasl - Type : ACT_GATHER_INFO
2015-03-09 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201503-04.nasl - Type : ACT_GATHER_INFO
2015-03-06 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_glibc-150226.nasl - Type : ACT_GATHER_INFO
2015-03-05 Name : The remote Fedora host is missing a security update.
File : fedora_2015-2837.nasl - Type : ACT_GATHER_INFO
2015-03-05 Name : The remote Fedora host is missing a security update.
File : fedora_2015-2845.nasl - Type : ACT_GATHER_INFO
2015-03-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0327.nasl - Type : ACT_GATHER_INFO
2015-02-27 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-173.nasl - Type : ACT_GATHER_INFO
2015-02-27 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2519-1.nasl - Type : ACT_GATHER_INFO
2015-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3169.nasl - Type : ACT_GATHER_INFO
2015-02-11 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_glibc-150129.nasl - Type : ACT_GATHER_INFO
2015-02-02 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2015-0023.nasl - Type : ACT_GATHER_INFO
2015-02-02 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2015-0024.nasl - Type : ACT_GATHER_INFO
2015-01-28 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3142.nasl - Type : ACT_GATHER_INFO
2015-01-09 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-468.nasl - Type : ACT_GATHER_INFO
2015-01-09 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2015-0003.nasl - Type : ACT_GATHER_INFO
2015-01-08 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0016.nasl - Type : ACT_GATHER_INFO
2015-01-08 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0016.nasl - Type : ACT_GATHER_INFO
2015-01-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0016.nasl - Type : ACT_GATHER_INFO
2015-01-08 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150107_glibc_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-2023.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141218_glibc_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2014-12-19 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-2023.nasl - Type : ACT_GATHER_INFO
2014-12-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-2023.nasl - Type : ACT_GATHER_INFO
2014-12-04 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2432-1.nasl - Type : ACT_GATHER_INFO
2014-11-28 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-232.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2014-0017.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2014-0033.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1185.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2012-1200.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1118.nasl - Type : ACT_GATHER_INFO
2014-10-24 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-296-01.nasl - Type : ACT_GATHER_INFO
2014-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9830.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-399.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-400.nasl - Type : ACT_GATHER_INFO
2014-09-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-175.nasl - Type : ACT_GATHER_INFO
2014-09-12 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-536.nasl - Type : ACT_GATHER_INFO
2014-09-09 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2306-3.nasl - Type : ACT_GATHER_INFO
2014-08-30 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1110.nasl - Type : ACT_GATHER_INFO
2014-08-30 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1110.nasl - Type : ACT_GATHER_INFO
2014-08-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1110.nasl - Type : ACT_GATHER_INFO
2014-08-29 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9824.nasl - Type : ACT_GATHER_INFO
2014-08-29 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2328-1.nasl - Type : ACT_GATHER_INFO
2014-08-28 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3012.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-152.nasl - Type : ACT_GATHER_INFO
2014-08-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2306-2.nasl - Type : ACT_GATHER_INFO
2014-08-05 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2306-1.nasl - Type : ACT_GATHER_INFO
2014-07-20 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_glibc-140701.nasl - Type : ACT_GATHER_INFO
2014-07-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2976.nasl - Type : ACT_GATHER_INFO
2013-11-13 Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_0_build_912577_remote.nasl - Type : ACT_GATHER_INFO
2013-11-13 Name : The remote VMware ESXi 5.1 host is affected by multiple security vulnerabilit...
File : vmware_esxi_5_1_build_1063671_remote.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-109.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1097.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1098.nasl - Type : ACT_GATHER_INFO
2013-01-25 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_glibc-121129.nasl - Type : ACT_GATHER_INFO
2012-12-24 Name : The remote VMware ESXi host is missing one or more security-related patches.
File : vmware_VMSA-2012-0018.nasl - Type : ACT_GATHER_INFO
2012-12-18 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1589-2.nasl - Type : ACT_GATHER_INFO
2012-11-19 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_glibc-8351.nasl - Type : ACT_GATHER_INFO
2012-10-02 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1589-1.nasl - Type : ACT_GATHER_INFO
2012-08-16 Name : The remote Fedora host is missing a security update.
File : fedora_2012-11508.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120718_glibc_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120718_glibc_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-07-20 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1098.nasl - Type : ACT_GATHER_INFO
2012-07-19 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1097.nasl - Type : ACT_GATHER_INFO
2012-07-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1097.nasl - Type : ACT_GATHER_INFO
2012-07-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1098.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2015-04-08 17:29:17
  • Multiple Updates
2015-03-31 13:29:48
  • Multiple Updates
2015-03-30 13:30:08
  • First insertion