Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | VMware security updates for vCSA and ESXi |
| Informations | |||
|---|---|---|---|
| Name | VMSA-2012-0018 | First vendor Publication | 2012-12-20 |
| Vendor | VMware | Last vendor Modification | 2012-04-25 |
| Severity (Vendor) | N/A | Revision | 2 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.8 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| a. vCenter Server Appliance directory traversal The vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6324 to this issue. b. vCenter Server Appliance arbitrary file download The vCenter Server Appliance (vCSA) contains an XML parsing vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server. VMware would like to thank Alexander Minozhenko from ERPScan for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6325 to this issue. c. Update to ESX glibc package The ESX glibc package is updated to version glibc-2.5-81.el5_8.1 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609, CVE-2012-0864 CVE-2012-3404, CVE-2012-3405, CVE-2012-3406 and CVE-2012-3480 to these issues. d. vCenter Server and vCSA webservice logging denial of service The vCenter Server and vCenter Server Appliance (vCSA) both contain a vulnerability that allows unauthenticated remote users to create abnormally large log entries. Exploitation of this issue may allow an attacker to fill the system volume of the vCenter host or appliance VM and create a denial-of-service condition. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-6326 to this issue. |
Original Source
| Url : http://www.vmware.com/security/advisories/VMSA-2012-0018.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 46 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 15 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 8 % | CWE-399 | Resource Management Errors |
| 8 % | CWE-200 | Information Exposure |
| 8 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 8 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
| 8 % | CWE-16 | Configuration |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:13533 | |||
| Oval ID: | oval:org.mitre.oval:def:13533 | ||
| Title: | DSA-2058-1 glibc, eglibc -- multiple | ||
| Description: | Several vulnerabilities have been discovered in the GNU C Library and its derivatives. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-1391, CVE-2009-4880, CVE-2009-4881 Maksymilian Arciemowicz discovered that the GNU C library did not correctly handle integer overflows in the strfmon family of functions. If a user or automated system were tricked into processing a specially crafted format string, a remote attacker could crash applications, leading to a denial of service. CVE-2010-0296 Jeff Layton and Dan Rosenberg discovered that the GNU C library did not correctly handle newlines in the mntent family of functions. If a local attacker were able to inject newlines into a mount entry through other vulnerable mount helpers, they could disrupt the system or possibly gain root privileges. CVE-2010-0830 Dan Rosenberg discovered that the GNU C library did not correctly validate certain ELF program headers. If a user or automated system were tricked into verifying a specially crafted ELF program, a remote attacker could execute arbitrary code with user privileges. For the stable distribution, these problems have been fixed in version 2.7-18lenny4 of the glibc package. For the testing distribution, these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 2.1.11-1 of the eglibc package. We recommend that you upgrade your glibc or eglibc packages. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2058-1 CVE-2008-1391 CVE-2009-4880 CVE-2009-4881 CVE-2010-0296 CVE-2010-0830 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | glibc eglibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15237 | |||
| Oval ID: | oval:org.mitre.oval:def:15237 | ||
| Title: | USN-1396-1 -- GNU C Library vulnerabilities | ||
| Description: | eglibc: Embedded GNU C Library: sources - glibc: GNU C Library: Documentation Multiple vulnerabilities were discovered and fixed in the GNU C Library. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1396-1 CVE-2009-5029 CVE-2010-0015 CVE-2011-1071 CVE-2011-1659 CVE-2011-1089 CVE-2011-1095 CVE-2011-1658 CVE-2011-2702 CVE-2011-4609 CVE-2012-0864 | Version: | 5 |
| Platform(s): | Ubuntu 11.04 Ubuntu 11.10 Ubuntu 8.04 Ubuntu 10.04 Ubuntu 10.10 | Product(s): | GNU |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18163 | |||
| Oval ID: | oval:org.mitre.oval:def:18163 | ||
| Title: | USN-1589-1 -- eglibc, glibc vulnerabilities | ||
| Description: | Multiple security issues were fixed in the GNU C Library. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1589-1 CVE-2012-3404 CVE-2012-3405 CVE-2012-3406 CVE-2012-3480 | Version: | 7 |
| Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 Ubuntu 10.04 Ubuntu 8.04 | Product(s): | eglibc glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:18234 | |||
| Oval ID: | oval:org.mitre.oval:def:18234 | ||
| Title: | USN-1589-2 -- glibc regression | ||
| Description: | USN-1589-1 exposed a regression in the GNU C Library floating point parse r. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1589-2 CVE-2012-3404 CVE-2012-3405 CVE-2012-3406 CVE-2012-3480 | Version: | 7 |
| Platform(s): | Ubuntu 8.04 | Product(s): | glibc |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:20289 | |||
| Oval ID: | oval:org.mitre.oval:def:20289 | ||
| Title: | VMware vSphere and vCOps updates to third party libraries | ||
| Description: | ** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc." | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-5064 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20458 | |||
| Oval ID: | oval:org.mitre.oval:def:20458 | ||
| Title: | VMware vSphere and vCOps updates to third party libraries | ||
| Description: | Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2012-0864 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20487 | |||
| Oval ID: | oval:org.mitre.oval:def:20487 | ||
| Title: | VMware vSphere and vCOps updates to third party libraries | ||
| Description: | Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2009-5029 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20507 | |||
| Oval ID: | oval:org.mitre.oval:def:20507 | ||
| Title: | VMware vSphere and vCOps updates to third party libraries | ||
| Description: | The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-1089 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20676 | |||
| Oval ID: | oval:org.mitre.oval:def:20676 | ||
| Title: | VMware vSphere and vCOps updates to third party libraries | ||
| Description: | The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2011-4609 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20684 | |||
| Oval ID: | oval:org.mitre.oval:def:20684 | ||
| Title: | VMware vSphere and vCOps updates to third party libraries | ||
| Description: | Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2010-0830 | Version: | 4 |
| Platform(s): | VMWare ESX Server 4.1 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21190 | |||
| Oval ID: | oval:org.mitre.oval:def:21190 | ||
| Title: | RHSA-2012:1207: glibc security and bug fix update (Moderate) | ||
| Description: | Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1207-00 CESA-2012:1207 CVE-2012-3480 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21252 | |||
| Oval ID: | oval:org.mitre.oval:def:21252 | ||
| Title: | RHSA-2012:1098: glibc security and bug fix update (Moderate) | ||
| Description: | The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1098-01 CESA-2012:1098 CVE-2012-3404 CVE-2012-3405 CVE-2012-3406 | Version: | 28 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21296 | |||
| Oval ID: | oval:org.mitre.oval:def:21296 | ||
| Title: | RHSA-2012:0058: glibc security and bug fix update (Moderate) | ||
| Description: | The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0058-01 CESA-2012:0058 CVE-2009-5029 CVE-2011-4609 | Version: | 29 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21353 | |||
| Oval ID: | oval:org.mitre.oval:def:21353 | ||
| Title: | RHSA-2012:0397: glibc security update (Moderate) | ||
| Description: | Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0397-01 CESA-2012:0397 CVE-2012-0864 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21365 | |||
| Oval ID: | oval:org.mitre.oval:def:21365 | ||
| Title: | RHSA-2012:0126: glibc security update (Moderate) | ||
| Description: | The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0126-01 CESA-2012:0126 CVE-2009-5029 CVE-2009-5064 CVE-2010-0830 CVE-2011-1089 CVE-2011-4609 | Version: | 68 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21459 | |||
| Oval ID: | oval:org.mitre.oval:def:21459 | ||
| Title: | RHSA-2012:0393: glibc security and bug fix update (Moderate) | ||
| Description: | Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:0393-01 CESA-2012:0393 CVE-2012-0864 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21482 | |||
| Oval ID: | oval:org.mitre.oval:def:21482 | ||
| Title: | RHSA-2012:1208: glibc security update (Moderate) | ||
| Description: | Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1208-01 CESA-2012:1208 CVE-2012-3480 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:21515 | |||
| Oval ID: | oval:org.mitre.oval:def:21515 | ||
| Title: | RHSA-2012:1097: glibc security and bug fix update (Moderate) | ||
| Description: | The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2012:1097-00 CESA-2012:1097 CVE-2012-3406 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22667 | |||
| Oval ID: | oval:org.mitre.oval:def:22667 | ||
| Title: | ELSA-2012:0397: glibc security update (Moderate) | ||
| Description: | Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0397-01 CVE-2012-0864 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22825 | |||
| Oval ID: | oval:org.mitre.oval:def:22825 | ||
| Title: | ELSA-2012:1097: glibc security and bug fix update (Moderate) | ||
| Description: | The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1097-00 CVE-2012-3406 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22910 | |||
| Oval ID: | oval:org.mitre.oval:def:22910 | ||
| Title: | ELSA-2012:0126: glibc security update (Moderate) | ||
| Description: | The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0126-01 CVE-2009-5029 CVE-2009-5064 CVE-2010-0830 CVE-2011-1089 CVE-2011-4609 | Version: | 25 |
| Platform(s): | Oracle Linux 5 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22970 | |||
| Oval ID: | oval:org.mitre.oval:def:22970 | ||
| Title: | ELSA-2012:1207: glibc security and bug fix update (Moderate) | ||
| Description: | Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1207-00 CVE-2012-3480 | Version: | 6 |
| Platform(s): | Oracle Linux 5 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23014 | |||
| Oval ID: | oval:org.mitre.oval:def:23014 | ||
| Title: | ELSA-2012:1098: glibc security and bug fix update (Moderate) | ||
| Description: | The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1098-01 CVE-2012-3404 CVE-2012-3405 CVE-2012-3406 | Version: | 17 |
| Platform(s): | Oracle Linux 6 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23714 | |||
| Oval ID: | oval:org.mitre.oval:def:23714 | ||
| Title: | ELSA-2012:1208: glibc security update (Moderate) | ||
| Description: | Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:1208-01 CVE-2012-3480 | Version: | 6 |
| Platform(s): | Oracle Linux 6 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23809 | |||
| Oval ID: | oval:org.mitre.oval:def:23809 | ||
| Title: | ELSA-2012:0058: glibc security and bug fix update (Moderate) | ||
| Description: | The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0058-01 CVE-2009-5029 CVE-2011-4609 | Version: | 13 |
| Platform(s): | Oracle Linux 6 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:23853 | |||
| Oval ID: | oval:org.mitre.oval:def:23853 | ||
| Title: | ELSA-2012:0393: glibc security and bug fix update (Moderate) | ||
| Description: | Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012:0393-01 CVE-2012-0864 | Version: | 6 |
| Platform(s): | Oracle Linux 6 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25222 | |||
| Oval ID: | oval:org.mitre.oval:def:25222 | ||
| Title: | SUSE-SU-2013:1287-1 -- Security update for glibc | ||
| Description: | This collective update for the GNU C library (glibc) provides the following fixes and enhancements: Security issues fixed: - Fix stack overflow in getaddrinfo with many results. (bnc#813121, CVE-2013-1914) - Fixed another stack overflow in getaddrinfo with many results (bnc#828637) - Fix buffer overflow in glob. (bnc#691365) (CVE-2010-4756) - Fix array overflow in floating point parser [bnc#775690] (CVE-2012-3480) - Fix strtod integer/buffer overflows [bnc#775690] (CVE-2012-3480) - Make addmntent return errors also for cached streams. [bnc #676178, CVE-2011-1089] - Fix overflows in vfprintf. [bnc #770891, CVE 2012-3406] - Add vfprintf-nargs.diff for possible format string overflow. [bnc #747768, CVE-2012-0864] - Check values from file header in __tzfile_read. [bnc #735850, CVE-2009-5029] Also several bugs were fixed: - Fix locking in _IO_cleanup. (bnc#796982) - Fix memory leak in execve. (bnc#805899) - Fix nscd timestamps in logging (bnc#783196) - Fix perl script error message (bnc#774467) - Fall back to localhost if no nameserver defined (bnc#818630) - Fix incomplete results from nscd. [bnc #753756] - Fix a deadlock in dlsym in case the symbol isn't found, for multithreaded programs. [bnc #760216] - Fix problem with TLS and dlopen. [#732110] - Backported regex fix for skipping of valid EUC-JP matches [bnc#743689] - Fixed false regex match on incomplete chars in EUC-JP [bnc#743689] - Add glibc-pmap-timeout.diff in order to fix useless connection attempts to NFS servers. [bnc #661460] | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:1287-1 CVE-2013-1914 CVE-2010-4756 CVE-2012-3480 CVE-2011-1089 CVE-2012-0864 CVE-2009-5029 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 10 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:25868 | |||
| Oval ID: | oval:org.mitre.oval:def:25868 | ||
| Title: | SUSE-SU-2013:1251-1 -- Security update for glibc | ||
| Description: | This collective update for the GNU C library (glibc) provides the following fixes and enhancements: Security issues fixed: * Fix stack overflow in getaddrinfo with many results. (bnc#813121, CVE-2013-1914) * Fix a different stack overflow in getaddrinfo with many results. (bnc#828637) * Fix array overflow in floating point parser [bnc#775690] (CVE-2012-3480) * Fix strtod integer/buffer overflows [bnc#775690] (CVE-2012-3480) * Add patches for fix overflows in vfprintf. [bnc #770891, CVE-2012-3405, CVE-2012-3406] * Fix buffer overflow in glob. (bnc#691365) (CVE-2010-4756) * Flush stream in addmntent, to catch errors like reached file size limits. [bnc #676178, CVE-2011-1089] Bugs fixed: * Fix locking in _IO_cleanup. (bnc#796982) * Fix resolver when first query fails, but seconds succeeds. [bnc #767266] | ||
| Family: | unix | Class: | patch |
| Reference(s): | SUSE-SU-2013:1251-1 CVE-2013-1914 CVE-2012-3480 CVE-2012-3405 CVE-2012-3406 CVE-2010-4756 CVE-2011-1089 | Version: | 3 |
| Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:26787 | |||
| Oval ID: | oval:org.mitre.oval:def:26787 | ||
| Title: | RHSA-2011:1526 -- glibc security, bug fix, and enhancement update (Low) | ||
| Description: | The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) Red Hat would like to thank Dan Rosenberg for reporting the CVE-2011-1089 issue. This update also fixes several bugs and adds various enhancements. Documentation for these bug fixes and enhancements will be available shortly from the Technical Notes document, linked to in the References section. Users are advised to upgrade to these updated glibc packages, which contain backported patches to resolve these issues and add these enhancements. | ||
| Family: | unix | Class: | patch |
| Reference(s): | RHSA-2011:1526 CVE-2009-5064 CVE-2011-1089 | Version: | 3 |
| Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27621 | |||
| Oval ID: | oval:org.mitre.oval:def:27621 | ||
| Title: | DEPRECATED: ELSA-2012-1208 -- glibc security update (moderate) | ||
| Description: | [2.12-1.80.el6_3.5] - Fix integer overflow leading to buffer overflow in strto* and related out of bounds array index (#847931) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1208 CVE-2012-3480 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27625 | |||
| Oval ID: | oval:org.mitre.oval:def:27625 | ||
| Title: | DEPRECATED: ELSA-2012-0393 -- glibc security and bug fix update (moderate) | ||
| Description: | [2.12-1.47.el6_2.9] - Always use another area after a failed allocation in the main arena (#795328) - Remove sse3 memcpy (#695812) changes (#799259) [2.12-1.47.el6_2.8] - Avoid nargs integer overflow which could be used to bypass FORTIFY_SOURCE (#794815) [2.12-1.47.el6_2.7] - Fix locking on malloc family retry paths (#795328) [2.12-1.47.el6_2.6] - Fix cycle detection in dynamic loader (#783999) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0393 CVE-2012-0864 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27722 | |||
| Oval ID: | oval:org.mitre.oval:def:27722 | ||
| Title: | DEPRECATED: ELSA-2012-1207 -- glibc security and bug fix update (moderate) | ||
| Description: | [2.5-81.el5_8.7] - Fix out of bounds array access in strto* exposed by 847929 patch. [2.5-81.el5_8.6] - Fix integer overflow leading to buffer overflow in strto* (#847929) [2.5-81.el5_8.5] - Do not use PT_IEEE_IP ptrace calls (#839411) - Update ULPs (#839411) - Fix various transcendentals in non-default rounding modes (#839411) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1207 CVE-2012-3480 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27827 | |||
| Oval ID: | oval:org.mitre.oval:def:27827 | ||
| Title: | DEPRECATED: ELSA-2012-1098 -- glibc security and bug fix update (moderate) | ||
| Description: | [2.12-1.80.el6_3.3] - Fix incorrect/corrupt patchfile for 833716. Did not affect generated code, but tests were missing (#833716). [2.12-1.80.el6_3.2] - Fix regression after patch for BZ804630 (#837026). [2.12-1.80.el6_3.1] - Fixes an unbound alloca and related problems. (#833716) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1098 CVE-2012-3404 CVE-2012-3405 CVE-2012-3406 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27835 | |||
| Oval ID: | oval:org.mitre.oval:def:27835 | ||
| Title: | DEPRECATED: ELSA-2012-0397 -- glibc security update (moderate) | ||
| Description: | [2.5-81.el5_8.1] - Add dist tag [when building file lists (#784646).] - Avoid nargs integer overflow which could be used to bypass FORTIFY_SOURCE (#794813) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0397 CVE-2012-0864 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27845 | |||
| Oval ID: | oval:org.mitre.oval:def:27845 | ||
| Title: | DEPRECATED: ELSA-2012-1097 -- glibc security and bug fix update (moderate) | ||
| Description: | [2.5-81.el5_8.4] - Fix iconv() segfault if the invalid multibyte character 0xffff is input when converting from IBM930 (#837896) [2.5-81.el5_8.3] - Fix unbound alloca in vfprintf (#833720) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-1097 CVE-2012-3406 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27898 | |||
| Oval ID: | oval:org.mitre.oval:def:27898 | ||
| Title: | DEPRECATED: ELSA-2012-0058 -- glibc security and bug fix update (moderate) | ||
| Description: | [2.12-1.47.el6_2.5] - Avoid high cpu usage when accept fails with EMFILE (#767692) [2.12-1.47.el6_2.4] - Make implementation of ARENAS_TEST and ARENAS_MAX match documentation (#769594) - Check malloc arena atomically (#769594) [2.12-1.47.el6_2.3] - Check values from TZ file header (#767692) [2.12-1.47.el6_2.2] - Correctly reparse group line after enlarging the buffer (#766484) [2.12-1.47.el6_2.1] - Fix grouping and reuse other locales in various locales (#754116) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0058 CVE-2009-5029 CVE-2011-4609 | Version: | 4 |
| Platform(s): | Oracle Linux 6 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:27927 | |||
| Oval ID: | oval:org.mitre.oval:def:27927 | ||
| Title: | DEPRECATED: ELSA-2012-0126 -- glibc security update (moderate) | ||
| Description: | [2.5-65.el5_7.3] - Use correct type when casting d_tag (#767687) - Report write error in addmnt even for cached streams (#767687) - ldd: Never run file directly (#767687). - Workaround misconfigured system (#767687) [2.5-65.el5_7.2] - Check values from TZ file header (#767687) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2012-0126 CVE-2010-0830 CVE-2009-5029 CVE-2009-5064 CVE-2011-1089 CVE-2011-4609 | Version: | 4 |
| Platform(s): | Oracle Linux 5 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:28049 | |||
| Oval ID: | oval:org.mitre.oval:def:28049 | ||
| Title: | ELSA-2011-1526 -- glibc security, bug fix, and enhancement update (low) | ||
| Description: | A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. (CVE-2009-5064) It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file. (CVE-2011-1089) | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2011-1526 CVE-2009-5064 CVE-2011-1089 | Version: | 3 |
| Platform(s): | Oracle Linux 6 | Product(s): | glibc |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2013-05-01 | sudo v1.8.0-1.8.3p1 (sudo_debug) - Root Exploit + glibc FORTIFY_SOURCE Bypass |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-12-27 | Name : VMSA-2012-0018: VMware security updates for vCSA and ESXi File : nvt/gb_VMSA-2012-0018.nasl |
| 2012-12-18 | Name : Ubuntu Update for glibc USN-1589-2 File : nvt/gb_ubuntu_USN_1589_2.nasl |
| 2012-10-03 | Name : Ubuntu Update for eglibc USN-1589-1 File : nvt/gb_ubuntu_USN_1589_1.nasl |
| 2012-09-10 | Name : Slackware Advisory SSA:2012-041-03 glibc File : nvt/esoft_slk_ssa_2012_041_03.nasl |
| 2012-09-10 | Name : Slackware Advisory SSA:2012-244-01 glibc File : nvt/esoft_slk_ssa_2012_244_01.nasl |
| 2012-08-31 | Name : VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries. File : nvt/gb_VMSA-2012-0013.nasl |
| 2012-08-30 | Name : Fedora Update for glibc FEDORA-2012-2123 File : nvt/gb_fedora_2012_2123_glibc_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for glibc FEDORA-2012-11928 File : nvt/gb_fedora_2012_11928_glibc_fc16.nasl |
| 2012-08-30 | Name : Fedora Update for glibc FEDORA-2012-11927 File : nvt/gb_fedora_2012_11927_glibc_fc17.nasl |
| 2012-08-30 | Name : Fedora Update for glibc FEDORA-2012-11508 File : nvt/gb_fedora_2012_11508_glibc_fc17.nasl |
| 2012-08-28 | Name : CentOS Update for glibc CESA-2012:1207 centos5 File : nvt/gb_CESA-2012_1207_glibc_centos5.nasl |
| 2012-08-28 | Name : CentOS Update for glibc CESA-2012:1208 centos6 File : nvt/gb_CESA-2012_1208_glibc_centos6.nasl |
| 2012-08-28 | Name : RedHat Update for glibc RHSA-2012:1208-01 File : nvt/gb_RHSA-2012_1208-01_glibc.nasl |
| 2012-08-28 | Name : RedHat Update for glibc RHSA-2012:1207-01 File : nvt/gb_RHSA-2012_1207-01_glibc.nasl |
| 2012-08-03 | Name : Mandriva Update for ncpfs MDVSA-2012:084 (ncpfs) File : nvt/gb_mandriva_MDVSA_2012_084.nasl |
| 2012-08-03 | Name : Mandriva Update for util-linux MDVSA-2012:083 (util-linux) File : nvt/gb_mandriva_MDVSA_2012_083.nasl |
| 2012-08-02 | Name : SuSE Update for glibc openSUSE-SU-2012:0064-1 (glibc) File : nvt/gb_suse_2012_0064_1.nasl |
| 2012-07-30 | Name : CentOS Update for glibc CESA-2012:0126 centos5 File : nvt/gb_CESA-2012_0126_glibc_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for glibc CESA-2012:0058 centos6 File : nvt/gb_CESA-2012_0058_glibc_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for glibc CESA-2012:0397 centos5 File : nvt/gb_CESA-2012_0397_glibc_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for glibc CESA-2012:1097 centos5 File : nvt/gb_CESA-2012_1097_glibc_centos5.nasl |
| 2012-07-30 | Name : CentOS Update for glibc CESA-2012:0393 centos6 File : nvt/gb_CESA-2012_0393_glibc_centos6.nasl |
| 2012-07-30 | Name : CentOS Update for glibc CESA-2012:0125 centos4 File : nvt/gb_CESA-2012_0125_glibc_centos4.nasl |
| 2012-07-30 | Name : CentOS Update for glibc CESA-2012:1098 centos6 File : nvt/gb_CESA-2012_1098_glibc_centos6.nasl |
| 2012-07-19 | Name : RedHat Update for glibc RHSA-2012:1097-01 File : nvt/gb_RHSA-2012_1097-01_glibc.nasl |
| 2012-07-19 | Name : RedHat Update for glibc RHSA-2012:1098-01 File : nvt/gb_RHSA-2012_1098-01_glibc.nasl |
| 2012-07-09 | Name : RedHat Update for glibc RHSA-2012:0058-01 File : nvt/gb_RHSA-2012_0058-01_glibc.nasl |
| 2012-07-09 | Name : RedHat Update for glibc RHSA-2011:1526-03 File : nvt/gb_RHSA-2011_1526-03_glibc.nasl |
| 2012-07-09 | Name : RedHat Update for glibc RHSA-2012:0393-01 File : nvt/gb_RHSA-2012_0393-01_glibc.nasl |
| 2012-04-02 | Name : Fedora Update for glibc FEDORA-2012-2162 File : nvt/gb_fedora_2012_2162_glibc_fc16.nasl |
| 2012-03-22 | Name : RedHat Update for glibc RHSA-2012:0397-01 File : nvt/gb_RHSA-2012_0397-01_glibc.nasl |
| 2012-03-12 | Name : Ubuntu Update for eglibc USN-1396-1 File : nvt/gb_ubuntu_USN_1396_1.nasl |
| 2012-03-09 | Name : Fedora Update for glibc FEDORA-2012-2144 File : nvt/gb_fedora_2012_2144_glibc_fc15.nasl |
| 2012-02-21 | Name : RedHat Update for glibc RHSA-2012:0125-01 File : nvt/gb_RHSA-2012_0125-01_glibc.nasl |
| 2012-02-21 | Name : RedHat Update for glibc RHSA-2012:0126-01 File : nvt/gb_RHSA-2012_0126-01_glibc.nasl |
| 2012-01-20 | Name : Fedora Update for glibc FEDORA-2012-0018 File : nvt/gb_fedora_2012_0018_glibc_fc15.nasl |
| 2011-11-28 | Name : Mandriva Update for glibc MDVSA-2011:178 (glibc) File : nvt/gb_mandriva_MDVSA_2011_178.nasl |
| 2011-10-14 | Name : Mandriva Update for samba MDVSA-2011:148 (samba) File : nvt/gb_mandriva_MDVSA_2011_148.nasl |
| 2011-03-09 | Name : Gentoo Security Advisory GLSA 201011-01 (glibc) File : nvt/glsa_201011_01.nasl |
| 2010-11-16 | Name : SuSE Update for glibc SUSE-SA:2010:052 File : nvt/gb_suse_2010_052.nasl |
| 2010-06-11 | Name : Mandriva Update for glibc MDVSA-2010:112 (glibc) File : nvt/gb_mandriva_MDVSA_2010_112.nasl |
| 2010-06-11 | Name : Mandriva Update for glibc MDVSA-2010:111 (glibc) File : nvt/gb_mandriva_MDVSA_2010_111.nasl |
| 2010-06-10 | Name : Debian Security Advisory DSA 2058-1 (glibc, eglibc) File : nvt/deb_2058_1.nasl |
| 2010-05-28 | Name : Ubuntu Update for glibc, eglibc vulnerabilities USN-944-1 File : nvt/gb_ubuntu_USN_944_1.nasl |
| 2010-04-06 | Name : Mandriva Update for kdebase4-workspace MDVA-2010:112 (kdebase4-workspace) File : nvt/gb_mandriva_MDVA_2010_112.nasl |
| 2010-04-06 | Name : Mandriva Update for initscripts MDVA-2010:111 (initscripts) File : nvt/gb_mandriva_MDVA_2010_111.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 78316 | GNU C Library (glibc) Multiple Function EMFILE Error Handling Remote DoS |
| 77508 | GNU C Library time/tzfile.c __tzfile_read() Function Timezone File Handling R... |
| 74883 | GNU C Library addmntent Function mtab Write RLIMIT_FSIZE Value Handling Local... |
| 74278 | GNU C Library ldd LD_TRACE_LOADED_OBJECTS Check Modified Executable Loader Lo... |
| 65077 | GNU C Library ld.so elf/dynamic-link.h elf_get_dynamic_info Crafted ELF Progr... |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2015-02-12 | IAVM : 2015-A-0038 - Multiple Vulnerabilities in GNU C Library (glibc) Severity : Category I - VMSKEY : V0058753 |
| 2013-02-28 | IAVM : 2013-B-0018 - Multiple Vulnerabilities in VMware vCenter Server 5.0 Severity : Category I - VMSKEY : V0037063 |
| 2012-09-27 | IAVM : 2012-A-0153 - Multiple Vulnerabilities in VMware ESX 4.0 and ESXi 4.0 Severity : Category I - VMSKEY : V0033884 |
| 2012-09-13 | IAVM : 2012-A-0148 - Multiple Vulnerabilities in VMware ESXi 4.1 and ESX 4.1 Severity : Category I - VMSKEY : V0033794 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2016-02-29 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2012-0013_remote.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2012-1488-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2012-1667-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-1251-1.nasl - Type : ACT_GATHER_INFO |
| 2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2013-1287-1.nasl - Type : ACT_GATHER_INFO |
| 2015-04-06 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL16364.nasl - Type : ACT_GATHER_INFO |
| 2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-168.nasl - Type : ACT_GATHER_INFO |
| 2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-165.nasl - Type : ACT_GATHER_INFO |
| 2015-03-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201503-04.nasl - Type : ACT_GATHER_INFO |
| 2015-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3169.nasl - Type : ACT_GATHER_INFO |
| 2015-02-02 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2015-0023.nasl - Type : ACT_GATHER_INFO |
| 2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0109.nasl - Type : ACT_GATHER_INFO |
| 2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0168.nasl - Type : ACT_GATHER_INFO |
| 2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0488.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0531.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1185.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2012-1200.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1262.nasl - Type : ACT_GATHER_INFO |
| 2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2012-1325.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-32.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_glibc-111219.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_ncpfs-110824.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_glibc-111219.nasl - Type : ACT_GATHER_INFO |
| 2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_ncpfs-110824.nasl - Type : ACT_GATHER_INFO |
| 2013-12-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201312-01.nasl - Type : ACT_GATHER_INFO |
| 2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities. File : vmware_esxi_5_0_build_912577_remote.nasl - Type : ACT_GATHER_INFO |
| 2013-11-13 | Name : The remote VMware ESXi 5.1 host is affected by multiple security vulnerabilit... File : vmware_esxi_5_1_build_1063671_remote.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-109.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-120.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-39.nasl - Type : ACT_GATHER_INFO |
| 2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-57.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0058.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0125.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0126.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0393.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0397.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1097.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1098.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1207.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1208.nasl - Type : ACT_GATHER_INFO |
| 2013-04-20 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-048.nasl - Type : ACT_GATHER_INFO |
| 2013-03-12 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2012-0018.nasl - Type : ACT_GATHER_INFO |
| 2013-01-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-121129.nasl - Type : ACT_GATHER_INFO |
| 2012-12-24 | Name : The remote VMware ESXi host is missing one or more security-related patches. File : vmware_VMSA-2012-0018.nasl - Type : ACT_GATHER_INFO |
| 2012-12-18 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1589-2.nasl - Type : ACT_GATHER_INFO |
| 2012-11-19 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_glibc-8351.nasl - Type : ACT_GATHER_INFO |
| 2012-10-02 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1589-1.nasl - Type : ACT_GATHER_INFO |
| 2012-09-18 | Name : The remote Fedora host is missing a security update. File : fedora_2012-11963.nasl - Type : ACT_GATHER_INFO |
| 2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-179.nasl - Type : ACT_GATHER_INFO |
| 2012-09-04 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2012-244-01.nasl - Type : ACT_GATHER_INFO |
| 2012-08-31 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2012-0013.nasl - Type : ACT_GATHER_INFO |
| 2012-08-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1208.nasl - Type : ACT_GATHER_INFO |
| 2012-08-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1207.nasl - Type : ACT_GATHER_INFO |
| 2012-08-28 | Name : The remote Fedora host is missing a security update. File : fedora_2012-11928.nasl - Type : ACT_GATHER_INFO |
| 2012-08-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1207.nasl - Type : ACT_GATHER_INFO |
| 2012-08-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1208.nasl - Type : ACT_GATHER_INFO |
| 2012-08-28 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120827_glibc_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-28 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120827_glibc_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-20 | Name : The remote Fedora host is missing a security update. File : fedora_2012-11927.nasl - Type : ACT_GATHER_INFO |
| 2012-08-16 | Name : The remote Fedora host is missing a security update. File : fedora_2012-11508.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111206_glibc_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120124_glibc_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120213_glibc_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120213_glibc_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120315_glibc_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120319_glibc_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120718_glibc_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120718_glibc_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
| 2012-07-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1098.nasl - Type : ACT_GATHER_INFO |
| 2012-07-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1097.nasl - Type : ACT_GATHER_INFO |
| 2012-07-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1097.nasl - Type : ACT_GATHER_INFO |
| 2012-07-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1098.nasl - Type : ACT_GATHER_INFO |
| 2012-05-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-083.nasl - Type : ACT_GATHER_INFO |
| 2012-05-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-084.nasl - Type : ACT_GATHER_INFO |
| 2012-03-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0397.nasl - Type : ACT_GATHER_INFO |
| 2012-03-20 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0393.nasl - Type : ACT_GATHER_INFO |
| 2012-03-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0397.nasl - Type : ACT_GATHER_INFO |
| 2012-03-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0393.nasl - Type : ACT_GATHER_INFO |
| 2012-03-12 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1396-1.nasl - Type : ACT_GATHER_INFO |
| 2012-03-08 | Name : The remote Fedora host is missing a security update. File : fedora_2012-2144.nasl - Type : ACT_GATHER_INFO |
| 2012-02-29 | Name : The remote Fedora host is missing a security update. File : fedora_2012-2123.nasl - Type : ACT_GATHER_INFO |
| 2012-02-27 | Name : The remote Fedora host is missing a security update. File : fedora_2012-2162.nasl - Type : ACT_GATHER_INFO |
| 2012-02-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0125.nasl - Type : ACT_GATHER_INFO |
| 2012-02-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0126.nasl - Type : ACT_GATHER_INFO |
| 2012-02-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0125.nasl - Type : ACT_GATHER_INFO |
| 2012-02-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0126.nasl - Type : ACT_GATHER_INFO |
| 2012-02-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2012-041-03.nasl - Type : ACT_GATHER_INFO |
| 2012-01-31 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0058.nasl - Type : ACT_GATHER_INFO |
| 2012-01-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0058.nasl - Type : ACT_GATHER_INFO |
| 2012-01-18 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0018.nasl - Type : ACT_GATHER_INFO |
| 2012-01-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-111219.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-100709.nasl - Type : ACT_GATHER_INFO |
| 2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_ncpfs-110824.nasl - Type : ACT_GATHER_INFO |
| 2011-12-06 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1526.nasl - Type : ACT_GATHER_INFO |
| 2011-11-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-178.nasl - Type : ACT_GATHER_INFO |
| 2011-10-12 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-148.nasl - Type : ACT_GATHER_INFO |
| 2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-100708.nasl - Type : ACT_GATHER_INFO |
| 2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-101025.nasl - Type : ACT_GATHER_INFO |
| 2010-11-16 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201011-01.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_glibc-101026.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_glibc-101027.nasl - Type : ACT_GATHER_INFO |
| 2010-10-28 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_glibc-7201.nasl - Type : ACT_GATHER_INFO |
| 2010-10-06 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12641.nasl - Type : ACT_GATHER_INFO |
| 2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-112.nasl - Type : ACT_GATHER_INFO |
| 2010-06-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2058.nasl - Type : ACT_GATHER_INFO |
| 2010-06-09 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-111.nasl - Type : ACT_GATHER_INFO |
| 2010-05-26 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-944-1.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2015-12-24 13:25:54 |
|
| 2014-02-17 12:07:25 |
|
| 2014-02-10 21:29:22 |
|
| 2013-12-14 21:19:32 |
|
| 2013-11-11 12:41:41 |
|
| 2013-05-02 21:20:23 |
|
| 2013-04-27 13:20:15 |
|
| 2013-04-27 09:40:31 |
|
| 2013-02-25 21:19:40 |
|
| 2013-02-23 00:21:26 |
|
| 2013-02-22 09:19:58 |
|
| 2013-02-22 09:18:15 |
|
| 2012-12-22 13:20:08 |
|
| 2012-12-21 09:21:59 |
|
