Test ID:	1.3.6.1.4.1.25623.1.0.52712
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2005:256
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2005:256. The GNU libc packages (known as glibc) contain the standard C libraries used by applications. It was discovered that the use of LD_DEBUG, LD_SHOW_AUXV, and LD_DYNAMIC_WEAK were not restricted for a setuid program. A local user could utilize this flaw to gain information, such as the list of symbols used by the program. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1453 to this issue. A number of bug fixes have also been made in the missing update. For details of these, please visit the referenced security advisory. All users of glibc should upgrade to these updated packages, which resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-256.html Risk factor : Medium CVSS Score: 2.1
Cross-Ref:	BugTraq ID: 10963 Common Vulnerability Exposure (CVE) ID: CVE-2004-1453 http://www.securityfocus.com/bid/10963 http://www.gentoo.org/security/en/glsa/glsa-200408-16.xml http://bugs.gentoo.org/show_bug.cgi?id=59526 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10762 http://www.redhat.com/support/errata/RHSA-2005-256.html http://www.redhat.com/support/errata/RHSA-2005-261.html http://secunia.com/advisories/12306 XForce ISS Database: glibc-suid-info-disclosure(17006) https://exchange.xforce.ibmcloud.com/vulnerabilities/17006
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.