Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title GNU C Library regression
Informations
Name USN-2306-3 First vendor Publication 2014-09-08
Vendor Ubuntu Last vendor Modification 2014-09-08
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

USN-2306-1 introduced a regression in the GNU C Library.

Software Description: - eglibc: GNU C Library

Details:

USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the fix for CVE-2013-4357 introduced a memory leak in getaddrinfo. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Maksymilian Arciemowicz discovered that the GNU C Library incorrectly
handled the getaddrinfo() function. An attacker could use this issue to
cause a denial of service. This issue only affected Ubuntu 10.04 LTS.
(CVE-2013-4357)
It was discovered that the GNU C Library incorrectly handled the
getaddrinfo() function. An attacker could use this issue to cause a denial
of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS.
(CVE-2013-4458)
Stephane Chazelas discovered that the GNU C Library incorrectly handled
locale environment variables. An attacker could use this issue to possibly
bypass certain restrictions such as the ForceCommand restrictions in
OpenSSH. (CVE-2014-0475)
David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that the GNU C
Library incorrectly handled posix_spawn_file_actions_addopen() path
arguments. An attacker could use this issue to cause a denial of service.
(CVE-2014-4043)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.04 LTS:
libc6 2.11.1-0ubuntu7.17

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2306-3
http://www.ubuntu.com/usn/usn-2306-1
https://launchpad.net/bugs/1364584

Package Information:
https://launchpad.net/ubuntu/+source/eglibc/2.11.1-0ubuntu7.17

Original Source

Url : http://www.ubuntu.com/usn/USN-2306-3

CWE : Common Weakness Enumeration

% Id Name
25 % CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25)
25 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
25 % CWE-94 Failure to Control Generation of Code ('Code Injection')
25 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24848
 
Oval ID: oval:org.mitre.oval:def:24848
Title: DSA-2976-1 -- eglibc - security update
Description: Stephane Chazelas discovered that the GNU C library, glibc, processed ".." path segments in locale-related environment variables, possibly allowing attackers to circumvent intended restrictions, such as ForceCommand in OpenSSH, assuming that they can supply crafted locale settings.
Family: unix Class: patch
Reference(s): DSA-2976-1
CVE-2014-0475
Version: 5
Platform(s): Debian GNU/Linux 7
Debian GNU/kFreeBSD 7
Product(s): eglibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25256
 
Oval ID: oval:org.mitre.oval:def:25256
Title: SUSE-SU-2014:0760-1 -- Security update for glibc
Description: This update for the GNU Lib C fixes security issues, some bugs and introduces one new feature. The following security issues have been fixed: * CVE-2013-4357: Various potential stack overflows in getaddrinfo() and others were fixed. (bnc#844309) * CVE-2013-4458: A stack (frame) overflow in getaddrinfo() when called with AF_INET6. The following new feature has been implemented: * On PowerLinux, a vDSO entry for getcpu() was added for possible performance enhancements. (FATE#316816, bnc#854445) The following issues have been fixed: * Performance problems with threads in __lll_lock_wait_private and __lll_unlock_wake_private. (bnc#836746) * IPv6: Memory leak in getaddrinfo() when many RRs are returned. (bnc#863499) * Using profiling C library (-lc_p) can trigger a segmentation fault. (bnc#872832)
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0760-1
CVE-2013-4357
CVE-2013-4458
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): glibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25541
 
Oval ID: oval:org.mitre.oval:def:25541
Title: SUSE-SU-2014:0920-1 -- Security update for glibc
Description: glibc has been updated to fix one security issue that could have resulted in free-after-use situations.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0920-1
CVE-2014-4043
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): glibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25837
 
Oval ID: oval:org.mitre.oval:def:25837
Title: USN-2328-1 -- eglibc vulnerability
Description: Certain applications could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2328-1
CVE-2014-5119
CVE-2014-0475
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04
Product(s): eglibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26211
 
Oval ID: oval:org.mitre.oval:def:26211
Title: USN-2306-1 -- eglibc vulnerabilities
Description: Several security issues were fixed in the GNU C Library.
Family: unix Class: patch
Reference(s): USN-2306-1
CVE-2013-4357
CVE-2013-4458
CVE-2014-0475
CVE-2014-4043
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04
Product(s): eglibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26402
 
Oval ID: oval:org.mitre.oval:def:26402
Title: USN-2306-2 -- eglibc regression
Description: USN-2306-1 introduced a regression in the GNU C Library.
Family: unix Class: patch
Reference(s): USN-2306-2
CVE-2013-4357
CVE-2013-4458
CVE-2014-0475
CVE-2014-4043
Version: 3
Platform(s): Ubuntu 10.04
Product(s): eglibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26605
 
Oval ID: oval:org.mitre.oval:def:26605
Title: RHSA-2014:1391: glibc security, bug fix, and enhancement update (Moderate)
Description: The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds write flaw was found in the way the glibc's readdir_r() function handled file system entries longer than the NAME_MAX character constant. A remote attacker could provide a specially crafted NTFS or CIFS file system that, when processed by an application using readdir_r(), would cause that application to crash or, potentially, allow the attacker to execute arbitrary code with the privileges of the user running the application. (CVE-2013-4237) It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-4458) These updated glibc packages also include several bug fixes and two enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes. All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
Family: unix Class: patch
Reference(s): RHSA-2014:1391-01
CVE-2013-4237
CVE-2013-4458
CESA-2014:1391
Version: 5
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): glibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26728
 
Oval ID: oval:org.mitre.oval:def:26728
Title: USN-2306-3 -- eglibc regression
Description: USN-2306-1 introduced a regression in the GNU C Library.
Family: unix Class: patch
Reference(s): USN-2306-3
CVE-2013-4357
CVE-2013-4458
CVE-2014-0475
CVE-2014-4043
Version: 3
Platform(s): Ubuntu 10.04
Product(s): eglibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26792
 
Oval ID: oval:org.mitre.oval:def:26792
Title: SUSE-SU-2014:1027-1 -- Security update for glibc
Description: This glibc update contains one security and two non security fixes.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1027-1
CVE-2014-0475
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): glibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26797
 
Oval ID: oval:org.mitre.oval:def:26797
Title: SUSE-SU-2014:1213-1 -- Security update for bash
Description: ash has been updated to fix a critical security issue. In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash scripts. (CVE-2014-6271) Security Issues: * CVE-2014-6271 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1213-1
CVE-2014-6271
CVE-2014-0475
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 11
Product(s): bash
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26821
 
Oval ID: oval:org.mitre.oval:def:26821
Title: SUSE-SU-2014:1214-1 -- Security update for bash
Description: ash has been updated to fix a critical security issue. In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash scripts. (CVE-2014-6271) Additionally, the following bugs have been fixed: * Avoid possible buffer overflow when expanding the /dev/fd prefix with e.g. the test built-in. (CVE-2012-3410) * Enable workaround for changed behavior of sshd. (bnc#688469) Security Issues: * CVE-2014-6271 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271> * CVE-2012-3410 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3410>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1214-1
CVE-2014-6271
CVE-2012-3410
CVE-2014-0475
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): bash
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26978
 
Oval ID: oval:org.mitre.oval:def:26978
Title: DEPRECATED: SUSE-SU-2014:1027-1 -- Security update for glibc
Description: This glibc update contains one security and two non security fixes.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1027-1
CVE-2014-0475
Version: 4
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): glibc
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27027
 
Oval ID: oval:org.mitre.oval:def:27027
Title: ELSA-2014-1391 -- glibc security, bug fix, and enhancement update
Description: [2.12-1.149] - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, [2.12-1.148] - Switch gettimeofday from INTUSE to libc_hidden_proto (#1099025). [2.12-1.147] - Fix stack overflow due to large AF_INET6 requests (CVE-2013-4458, #1111460). - Fix buffer overflow in readdir_r (CVE-2013-4237, #1111460). [2.12-1.146] - Fix memory order when reading libgcc handle (#905941). - Fix format specifier in malloc_info output (#1027261). - Fix nscd lookup for innetgr when netgroup has wildcards (#1054846). [2.12-1.145] - Add mmap usage to malloc_info output (#1027261). [2.12-1.144] - Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (#1087833). [2.12-1.143] - [ppc] Add VDSO IFUNC for gettimeofday (#1028285). - [ppc] Fix ftime gettimeofday internal call returning bogus data (#1099025). [2.12-1.142] - Also relocate in dependency order when doing symbol dependency testing (#1019916). [2.12-1.141] - Fix infinite loop in nscd when netgroup is empty (#1085273). - Provide correct buffer length to netgroup queries in nscd (#1074342). - Return NULL for wildcard values in getnetgrent from nscd (#1085289). - Avoid overlapping addresses to stpcpy calls in nscd (#1082379). - Initialize all of datahead structure in nscd (#1074353). [2.12-1.140] - Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1044628). [2.12-1.139] - Do not fail if one of the two responses to AF_UNSPEC fails (#845218). [2.12-1.138] - nscd: Make SELinux checks dynamic (#1025933). [2.12-1.137] - Fix race in free() of fastbin chunk (#1027101). [2.12-1.136] - Fix copy relocations handling of unique objects (#1032628). [2.12-1.135] - Fix encoding name for IDN in getaddrinfo (#981942). [2.12-1.134] - Fix return code from getent netgroup when the netgroup is not found (#1039988). - Fix handling of static TLS in dlopen'ed objects (#995972). [2.12-1.133] - Don't use alloca in addgetnetgrentX (#1043557). - Adjust pointers to triplets in netgroup query data (#1043557).
Family: unix Class: patch
Reference(s): ELSA-2014-1391
CVE-2013-4237
CVE-2013-4458
Version: 4
Platform(s): Oracle Linux 6
Product(s): glibc
glibc-common
glibc-devel
glibc-headers
glibc-static
glibc-utils
nscd
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 114
Application 1
Os 3
Os 2
Os 2
Os 1
Os 1
Os 1

Nessus® Vulnerability Scanner

Date Description
2018-12-18 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL06493172.nasl - Type : ACT_GATHER_INFO
2016-05-31 Name : The remote Debian host is missing a security update.
File : debian_DLA-494.nasl - Type : ACT_GATHER_INFO
2016-02-18 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2016-0470-1.nasl - Type : ACT_GATHER_INFO
2016-02-18 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201602-02.nasl - Type : ACT_GATHER_INFO
2015-08-17 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-544.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1129-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1122-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1128-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0164-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0167-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0170-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0550-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0551-1.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-168.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-43.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-165.nasl - Type : ACT_GATHER_INFO
2015-03-09 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201503-04.nasl - Type : ACT_GATHER_INFO
2015-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3169.nasl - Type : ACT_GATHER_INFO
2015-02-02 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2015-0024.nasl - Type : ACT_GATHER_INFO
2015-02-02 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2015-0023.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2014-0017.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2014-0033.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1391.nasl - Type : ACT_GATHER_INFO
2014-11-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141014_glibc_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-10-24 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-296-01.nasl - Type : ACT_GATHER_INFO
2014-10-20 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9830.nasl - Type : ACT_GATHER_INFO
2014-10-17 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1391.nasl - Type : ACT_GATHER_INFO
2014-10-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1391.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-400.nasl - Type : ACT_GATHER_INFO
2014-09-12 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-536.nasl - Type : ACT_GATHER_INFO
2014-09-09 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2306-3.nasl - Type : ACT_GATHER_INFO
2014-08-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1110.nasl - Type : ACT_GATHER_INFO
2014-08-30 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1110.nasl - Type : ACT_GATHER_INFO
2014-08-30 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1110.nasl - Type : ACT_GATHER_INFO
2014-08-29 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2328-1.nasl - Type : ACT_GATHER_INFO
2014-08-29 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9824.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-152.nasl - Type : ACT_GATHER_INFO
2014-08-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2306-2.nasl - Type : ACT_GATHER_INFO
2014-08-05 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2306-1.nasl - Type : ACT_GATHER_INFO
2014-07-20 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_glibc-140701.nasl - Type : ACT_GATHER_INFO
2014-07-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2976.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_glibc-140515.nasl - Type : ACT_GATHER_INFO
2013-11-26 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-283.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2014-10-08 09:28:33
  • Multiple Updates
2014-10-07 21:34:35
  • Multiple Updates
2014-09-10 13:26:26
  • Multiple Updates
2014-09-08 17:21:29
  • First insertion