Executive Summary
Summary | |
---|---|
Title | VMware ESX third party updates for Service Console packages glibc, sudo, and openldap |
Informations | |||
---|---|---|---|
Name | VMSA-2011-0001 | First vendor Publication | 2011-01-04 |
Vendor | VMware | Last vendor Modification | 2011-01-04 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
a. Service Console update for glibc The service console packages glibc, glibc-common, and nscd are each updated to version 2.5-34.4908.vmw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3847 and CVE-2010-3856 to the issues addressed in this update. b. Service Console update for sudo The service console package sudo is updated to version 1.7.2p1-8.el5_5. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2956 to the issue addressed in this update. c. Service Console update for openldap The service console package openldap is updated to version 2.3.43-12.el5_5.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0211 and CVE-2010-0212 to the issues addressed in this update. |
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2011-0001.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
25 % | CWE-252 | Unchecked Return Value |
25 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12604 | |||
Oval ID: | oval:org.mitre.oval:def:12604 | ||
Title: | DSA-2122-1 glibc -- missing input sanitisation | ||
Description: | Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LD_AUDIT environment variable. For the stable distribution, this problem has been fixed in version 2.7-18lenny6. For the upcoming stable distribution, this problem has been fixed in version 2.11.2-6+squeeze1 of the eglibc package. For the unstable distribution, this problem will be fixed soon. We recommend that you upgrade your glibc packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2122-1 CVE-2010-3847 CVE-2010-3856 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12715 | |||
Oval ID: | oval:org.mitre.oval:def:12715 | ||
Title: | DSA-2077-1 openldap -- several | ||
Description: | Two remote vulnerabilities have been discovered in OpenLDAP. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0211 The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences. CVE-2010-0212 OpenLDAP 2.4.22 allows remote attackers to cause a denial of service via a modrdn call with a zero-length RDN destination string. For the stable distribution, this problem has been fixed in version 2.4.11-1+lenny2. For the unstable distribution, this problem has been fixed in version 2.4.23-1. We recommend that you upgrade your openldap packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2077-1 CVE-2010-0211 CVE-2010-0212 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | openldap |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12802 | |||
Oval ID: | oval:org.mitre.oval:def:12802 | ||
Title: | DSA-2122-2 glibc -- missing input sanitisation | ||
Description: | Colin Watson discovered that the update for stable relased in DSA-2122-1 did not complete address the underlying security issue in all possible scenarios. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2122-2 CVE-2010-3847 CVE-2010-3856 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | glibc |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:12902 | |||
Oval ID: | oval:org.mitre.oval:def:12902 | ||
Title: | USN-983-1 -- sudo vulnerability | ||
Description: | Markus Wuethrich discovered that sudo did not always verify the user when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program as a group when the attacker was not a part of that group. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-983-1 CVE-2010-2956 | Version: | 5 |
Platform(s): | Ubuntu 9.10 Ubuntu 10.04 | Product(s): | sudo |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19821 | |||
Oval ID: | oval:org.mitre.oval:def:19821 | ||
Title: | VMware ESX third party updates for Service Console packages glibc, sudo, and openldap | ||
Description: | elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3847 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19902 | |||
Oval ID: | oval:org.mitre.oval:def:19902 | ||
Title: | VMware ESX third party updates for Service Console packages glibc, sudo, and openldap | ||
Description: | OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0212 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20122 | |||
Oval ID: | oval:org.mitre.oval:def:20122 | ||
Title: | VMware ESX third party updates for Service Console packages glibc, sudo, and openldap | ||
Description: | Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-2956 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20315 | |||
Oval ID: | oval:org.mitre.oval:def:20315 | ||
Title: | VMware ESX third party updates for Service Console packages glibc, sudo, and openldap | ||
Description: | ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-3856 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20506 | |||
Oval ID: | oval:org.mitre.oval:def:20506 | ||
Title: | VMware ESX third party updates for Service Console packages glibc, sudo, and openldap | ||
Description: | The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0211 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21401 | |||
Oval ID: | oval:org.mitre.oval:def:21401 | ||
Title: | RHSA-2010:0675: sudo security update (Important) | ||
Description: | Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0675-01 CESA-2010:0675 CVE-2010-2956 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21997 | |||
Oval ID: | oval:org.mitre.oval:def:21997 | ||
Title: | RHSA-2010:0793: glibc security update (Important) | ||
Description: | ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0793-01 CESA-2010:0793 CVE-2010-3856 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22199 | |||
Oval ID: | oval:org.mitre.oval:def:22199 | ||
Title: | RHSA-2010:0787: glibc security update (Important) | ||
Description: | elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0787-01 CESA-2010:0787 CVE-2010-3847 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22327 | |||
Oval ID: | oval:org.mitre.oval:def:22327 | ||
Title: | RHSA-2010:0872: glibc security and bug fix update (Important) | ||
Description: | ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0872-02 CVE-2010-3847 CVE-2010-3856 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22380 | |||
Oval ID: | oval:org.mitre.oval:def:22380 | ||
Title: | RHSA-2010:0542: openldap security update (Moderate) | ||
Description: | OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0542-01 CESA-2010:0542 CVE-2010-0211 CVE-2010-0212 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | openldap |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22846 | |||
Oval ID: | oval:org.mitre.oval:def:22846 | ||
Title: | ELSA-2010:0793: glibc security update (Important) | ||
Description: | ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0793-01 CVE-2010-3856 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22857 | |||
Oval ID: | oval:org.mitre.oval:def:22857 | ||
Title: | ELSA-2010:0542: openldap security update (Moderate) | ||
Description: | OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0542-01 CVE-2010-0211 CVE-2010-0212 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | openldap |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22912 | |||
Oval ID: | oval:org.mitre.oval:def:22912 | ||
Title: | ELSA-2010:0675: sudo security update (Important) | ||
Description: | Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0675-01 CVE-2010-2956 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23012 | |||
Oval ID: | oval:org.mitre.oval:def:23012 | ||
Title: | ELSA-2010:0787: glibc security update (Important) | ||
Description: | elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0787-01 CVE-2010-3847 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23540 | |||
Oval ID: | oval:org.mitre.oval:def:23540 | ||
Title: | ELSA-2010:0872: glibc security and bug fix update (Important) | ||
Description: | ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0872-02 CVE-2010-3847 CVE-2010-3856 | Version: | 13 |
Platform(s): | Oracle Linux 6 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27588 | |||
Oval ID: | oval:org.mitre.oval:def:27588 | ||
Title: | DEPRECATED: ELSA-2010-0542 -- openldap security update (moderate) | ||
Description: | [2.3.43-12.1] - fixed segfault issues in modrdn (#606375) - added patch handling null char in TLS to compat package (#606375, patch backported by Jan Vcelak <jvcelak@redhat.com>) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0542 CVE-2010-0211 CVE-2010-0212 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | openldap |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27665 | |||
Oval ID: | oval:org.mitre.oval:def:27665 | ||
Title: | DEPRECATED: ELSA-2010-0787 -- glibc security update (important) | ||
Description: | [2.5-49.el5_5.6] - Never expand in privileged programs (#643818, CVE-2010-3847) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0787 CVE-2010-3847 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27803 | |||
Oval ID: | oval:org.mitre.oval:def:27803 | ||
Title: | DEPRECATED: ELSA-2010-0872 -- glibc security and bug fix update (important) | ||
Description: | [2.12-1.7.el6_0.3] - Require suid bit on audit objects in privileged programs (#645679, CVE-2010-3856) [2.12-1.7.el6_0.2] - Never expand in privileged programs (#643821) [2.12-1.7.el6_0.1] - Fix bug in generic strstr/memmem implementation handling certain repeated patterns (#643341) - Correctly align TCB for AVX (#643343) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0872 CVE-2010-3847 CVE-2010-3856 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28160 | |||
Oval ID: | oval:org.mitre.oval:def:28160 | ||
Title: | DEPRECATED: ELSA-2010-0793 -- glibc security update (important) | ||
Description: | [2.5-49.el5_5.7] - Require suid bit on audit objects in privileged programs (#645677, CVE-2010-3856) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0793 CVE-2010-3856 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | glibc |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28210 | |||
Oval ID: | oval:org.mitre.oval:def:28210 | ||
Title: | DEPRECATED: ELSA-2010-0675 -- sudo security update (important) | ||
Description: | [1.7.2p1-8] - added patch for CVE-2010-2956 (#628628) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0675 CVE-2010-2956 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2011-11-10 | glibc LD_AUDIT arbitrary DSO load Privilege Escalation |
2010-10-22 | GNU C library dynamic linker LD_AUDIT arbitrary DSO load Vulnerability |
2010-10-18 | GNU C library dynamic linker $ORIGIN expansion Vulnerability |
OpenVAS Exploits
Date | Description |
---|---|
2012-07-30 | Name : CentOS Update for glibc CESA-2011:0412 centos5 x86_64 File : nvt/gb_CESA-2011_0412_glibc_centos5_x86_64.nasl |
2012-06-06 | Name : RedHat Update for glibc RHSA-2011:0413-01 File : nvt/gb_RHSA-2011_0413-01_glibc.nasl |
2011-11-28 | Name : Mandriva Update for glibc MDVSA-2011:178 (glibc) File : nvt/gb_mandriva_MDVSA_2011_178.nasl |
2011-09-07 | Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007) File : nvt/gb_macosx_su10-007.nasl |
2011-08-09 | Name : CentOS Update for glibc CESA-2011:0412 centos5 i386 File : nvt/gb_CESA-2011_0412_glibc_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for glibc CESA-2010:0793 centos5 i386 File : nvt/gb_CESA-2010_0793_glibc_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for compat-openldap CESA-2010:0542 centos5 i386 File : nvt/gb_CESA-2010_0542_compat-openldap_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for sudo CESA-2010:0675 centos5 i386 File : nvt/gb_CESA-2010_0675_sudo_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for glibc CESA-2010:0787 centos5 i386 File : nvt/gb_CESA-2010_0787_glibc_centos5_i386.nasl |
2011-04-06 | Name : RedHat Update for glibc RHSA-2011:0412-01 File : nvt/gb_RHSA-2011_0412-01_glibc.nasl |
2011-03-09 | Name : Gentoo Security Advisory GLSA 201009-03 (sudo) File : nvt/glsa_201009_03.nasl |
2011-03-09 | Name : Gentoo Security Advisory GLSA 201011-01 (glibc) File : nvt/glsa_201011_01.nasl |
2011-03-07 | Name : Debian Security Advisory DSA 2122-2 (glibc) File : nvt/deb_2122_2.nasl |
2011-01-14 | Name : Ubuntu Update for eglibc, glibc vulnerability USN-1009-2 File : nvt/gb_ubuntu_USN_1009_2.nasl |
2010-12-02 | Name : Fedora Update for glibc FEDORA-2010-16851 File : nvt/gb_fedora_2010_16851_glibc_fc14.nasl |
2010-12-02 | Name : Fedora Update for glibc FEDORA-2010-16308 File : nvt/gb_fedora_2010_16308_glibc_fc14.nasl |
2010-12-02 | Name : Fedora Update for sudo FEDORA-2010-14184 File : nvt/gb_fedora_2010_14184_sudo_fc14.nasl |
2010-11-17 | Name : Debian Security Advisory DSA 2122-1 (glibc) File : nvt/deb_2122_1.nasl |
2010-11-16 | Name : Fedora Update for openldap FEDORA-2010-11319 File : nvt/gb_fedora_2010_11319_openldap_fc12.nasl |
2010-11-16 | Name : SuSE Update for glibc SUSE-SA:2010:052 File : nvt/gb_suse_2010_052.nasl |
2010-11-16 | Name : Fedora Update for glibc FEDORA-2010-16641 File : nvt/gb_fedora_2010_16641_glibc_fc12.nasl |
2010-11-04 | Name : RedHat Update for glibc RHSA-2010:0793-01 File : nvt/gb_RHSA-2010_0793-01_glibc.nasl |
2010-11-04 | Name : Fedora Update for glibc FEDORA-2010-16655 File : nvt/gb_fedora_2010_16655_glibc_fc13.nasl |
2010-10-26 | Name : Ubuntu Update for glibc, eglibc vulnerabilities USN-1009-1 File : nvt/gb_ubuntu_USN_1009_1.nasl |
2010-10-26 | Name : Mandriva Update for glibc MDVSA-2010:212 (glibc) File : nvt/gb_mandriva_MDVSA_2010_212.nasl |
2010-10-26 | Name : Fedora Update for glibc FEDORA-2010-16594 File : nvt/gb_fedora_2010_16594_glibc_fc13.nasl |
2010-10-22 | Name : RedHat Update for glibc RHSA-2010:0787-01 File : nvt/gb_RHSA-2010_0787-01_glibc.nasl |
2010-10-22 | Name : Mandriva Update for glibc MDVSA-2010:207 (glibc) File : nvt/gb_mandriva_MDVSA_2010_207.nasl |
2010-10-10 | Name : FreeBSD Ports: sudo File : nvt/freebsd_sudo8.nasl |
2010-10-01 | Name : Fedora Update for sudo FEDORA-2010-14996 File : nvt/gb_fedora_2010_14996_sudo_fc12.nasl |
2010-09-14 | Name : Mandriva Update for sudo MDVSA-2010:175 (sudo) File : nvt/gb_mandriva_MDVSA_2010_175.nasl |
2010-09-14 | Name : Fedora Update for sudo FEDORA-2010-14355 File : nvt/gb_fedora_2010_14355_sudo_fc13.nasl |
2010-09-10 | Name : Ubuntu Update for sudo vulnerability USN-983-1 File : nvt/gb_ubuntu_USN_983_1.nasl |
2010-09-10 | Name : RedHat Update for sudo RHSA-2010:0675-01 File : nvt/gb_RHSA-2010_0675-01_sudo.nasl |
2010-08-30 | Name : Fedora Update for openldap FEDORA-2010-11343 File : nvt/gb_fedora_2010_11343_openldap_fc13.nasl |
2010-08-21 | Name : Debian Security Advisory DSA 2077-1 (openldap) File : nvt/deb_2077_1.nasl |
2010-08-13 | Name : Ubuntu Update for OpenLDAP vulnerabilities USN-965-1 File : nvt/gb_ubuntu_USN_965_1.nasl |
2010-07-30 | Name : Mandriva Update for openldap MDVSA-2010:142 (openldap) File : nvt/gb_mandriva_MDVSA_2010_142.nasl |
2010-07-23 | Name : RedHat Update for openldap RHSA-2010:0543-01 File : nvt/gb_RHSA-2010_0543-01_openldap.nasl |
2010-07-23 | Name : RedHat Update for openldap RHSA-2010:0542-01 File : nvt/gb_RHSA-2010_0542-01_openldap.nasl |
2010-07-20 | Name : OpenLDAP 'modrdn' Request Multiple Vulnerabilities File : nvt/gb_openldap_41770.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-301-01 glibc File : nvt/esoft_slk_ssa_2010_301_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-295-01 glibc File : nvt/esoft_slk_ssa_2010_295_01.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-257-02 sudo File : nvt/esoft_slk_ssa_2010_257_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
68920 | GNU C Library Dynamic Linker LD_AUDIT non-setuid Library Loading Issue GNU C Library contains a flaw related to 'ld.so' failing to properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects as audit objects. This may allow a local attacker to gain elevated privileges via an unsafe DSO located in a trusted library directory. |
68721 | GNU C Library Dynamic Linker $ORIGIN Substitution Expansion Weakness Local Pr... The weakness is caused due to dynamic linker expanding the "$ORIGIN" substitution for privileged applications, which can be exploited to gain escalated privileges by e.g. hard linking to a setuid application and forcing the expansion of "$ORIGIN" via "LD_AUDIT". |
67842 | sudo Runas Group Handling Local Privilege Escalation |
66470 | OpenLDAP servers/slapd/modrdn.c modrdn Request rdn String Memory Corruption |
66469 | OpenLDAP servers/slapd/schema_init.c modrdn Request rdn String NULL Dereferen... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | OpenLDAP Modrdn RDN NULL string denial of service attempt RuleID : 18807 - Revision : 10 - Type : SERVER-OTHER |
2014-01-10 | OpenLDAP Modrdn utf-8 string code execution attempt RuleID : 18804 - Revision : 11 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-04 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2011-0001_remote.nasl - Type : ACT_GATHER_INFO |
2015-02-02 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2015-0023.nasl - Type : ACT_GATHER_INFO |
2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0622.nasl - Type : ACT_GATHER_INFO |
2014-07-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-36.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_sudo-100907.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_glibc-101027.nasl - Type : ACT_GATHER_INFO |
2013-12-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201312-01.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0412.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0413.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0872.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0793.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0787.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0675.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0543.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0542.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100720_openldap_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100907_sudo_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101020_glibc_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20101110_glibc_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110404_glibc_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2011-11-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-178.nasl - Type : ACT_GATHER_INFO |
2011-04-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-0412.nasl - Type : ACT_GATHER_INFO |
2011-04-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0412.nasl - Type : ACT_GATHER_INFO |
2011-04-05 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0413.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libldap-2_4-2-100616.nasl - Type : ACT_GATHER_INFO |
2011-01-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1009-2.nasl - Type : ACT_GATHER_INFO |
2011-01-06 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2011-0001.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libldap-2_4-2-100615.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-101025.nasl - Type : ACT_GATHER_INFO |
2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0787.nasl - Type : ACT_GATHER_INFO |
2010-11-24 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0793.nasl - Type : ACT_GATHER_INFO |
2010-11-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0872.nasl - Type : ACT_GATHER_INFO |
2010-11-16 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201011-01.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO |
2010-11-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-11319.nasl - Type : ACT_GATHER_INFO |
2010-11-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16641.nasl - Type : ACT_GATHER_INFO |
2010-10-29 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16851.nasl - Type : ACT_GATHER_INFO |
2010-10-29 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16655.nasl - Type : ACT_GATHER_INFO |
2010-10-29 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-301-01.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_glibc-101026.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_glibc-101027.nasl - Type : ACT_GATHER_INFO |
2010-10-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_glibc-7201.nasl - Type : ACT_GATHER_INFO |
2010-10-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0793.nasl - Type : ACT_GATHER_INFO |
2010-10-25 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-212.nasl - Type : ACT_GATHER_INFO |
2010-10-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1009-1.nasl - Type : ACT_GATHER_INFO |
2010-10-24 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-295-01.nasl - Type : ACT_GATHER_INFO |
2010-10-24 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16594.nasl - Type : ACT_GATHER_INFO |
2010-10-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2122.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0787.nasl - Type : ACT_GATHER_INFO |
2010-10-21 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-207.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote Fedora host is missing a security update. File : fedora_2010-16308.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openldap2-7074.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote Fedora host is missing a security update. File : fedora_2010-14996.nasl - Type : ACT_GATHER_INFO |
2010-09-16 | Name : The remote Fedora host is missing a security update. File : fedora_2010-14184.nasl - Type : ACT_GATHER_INFO |
2010-09-15 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-257-02.nasl - Type : ACT_GATHER_INFO |
2010-09-13 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0675.nasl - Type : ACT_GATHER_INFO |
2010-09-13 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-175.nasl - Type : ACT_GATHER_INFO |
2010-09-12 | Name : The remote Fedora host is missing a security update. File : fedora_2010-14355.nasl - Type : ACT_GATHER_INFO |
2010-09-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_sudo-100907.nasl - Type : ACT_GATHER_INFO |
2010-09-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0675.nasl - Type : ACT_GATHER_INFO |
2010-09-08 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_67b514c3ba8f11df8f6e000c29a67389.nasl - Type : ACT_GATHER_INFO |
2010-09-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-983-1.nasl - Type : ACT_GATHER_INFO |
2010-09-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201009-03.nasl - Type : ACT_GATHER_INFO |
2010-08-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libldap-2_4-2-100707.nasl - Type : ACT_GATHER_INFO |
2010-08-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libldap-2_4-2-100707.nasl - Type : ACT_GATHER_INFO |
2010-08-26 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12624.nasl - Type : ACT_GATHER_INFO |
2010-08-24 | Name : The remote Fedora host is missing a security update. File : fedora_2010-11343.nasl - Type : ACT_GATHER_INFO |
2010-08-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-965-1.nasl - Type : ACT_GATHER_INFO |
2010-08-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2077.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-142.nasl - Type : ACT_GATHER_INFO |
2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0542.nasl - Type : ACT_GATHER_INFO |
2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0543.nasl - Type : ACT_GATHER_INFO |
2010-07-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_openldap2-100712.nasl - Type : ACT_GATHER_INFO |
2010-07-22 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0543.nasl - Type : ACT_GATHER_INFO |
2010-07-22 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0542.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-03-05 13:26:43 |
|
2014-02-17 12:07:18 |
|
2013-05-11 00:56:42 |
|