Test ID:	1.3.6.1.4.1.25623.1.0.68474
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2010-295-01)
Summary:	The remote host is missing an update for the 'glibc' package(s) announced via the SSA:2010-295-01 advisory.
Description:	Summary: The remote host is missing an update for the 'glibc' package(s) announced via the SSA:2010-295-01 advisory. Vulnerability Insight: New glibc packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue. Here are the details from the Slackware 13.1 ChangeLog: +--------------------------+ patches/packages/glibc-2.11.1-i486-4_slack13.1.txz: Rebuilt. Patched 'dynamic linker expands $ORIGIN in setuid library search path'. This security issue allows a local attacker to gain root if they can create a hard link to a setuid root binary. Thanks to Tavis Ormandy. For more information, see: [links moved to references] (* Security fix *) patches/packages/glibc-i18n-2.11.1-i486-4_slack13.1.txz: Rebuilt. patches/packages/glibc-profile-2.11.1-i486-4_slack13.1.txz: Rebuilt. patches/packages/glibc-solibs-2.11.1-i486-4_slack13.1.txz: Rebuilt. patches/packages/glibc-zoneinfo-2.11.1-noarch-4_slack13.1.txz: Rebuilt. +--------------------------+ Affected Software/OS: 'glibc' package(s) on Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware 13.0, Slackware 13.1, Slackware current. Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3847 20101018 The GNU C library dynamic linker expands $ORIGIN in setuid library search path http://seclists.org/fulldisclosure/2010/Oct/257 20101019 Re: The GNU C library dynamic linker expands $ORIGIN in setuid library search path http://seclists.org/fulldisclosure/2010/Oct/292 20101020 Re: The GNU C library dynamic linker expands $ORIGIN in setuid library search path http://seclists.org/fulldisclosure/2010/Oct/294 20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap http://www.securityfocus.com/archive/1/515545/100/0/threaded 42787 http://secunia.com/advisories/42787 44024 https://www.exploit-db.com/exploits/44024/ 44025 https://www.exploit-db.com/exploits/44025/ 44154 http://www.securityfocus.com/bid/44154 ADV-2011-0025 http://www.vupen.com/english/advisories/2011/0025 DSA-2122 http://www.debian.org/security/2010/dsa-2122 GLSA-201011-01 http://security.gentoo.org/glsa/glsa-201011-01.xml MDVSA-2010:207 http://www.mandriva.com/security/advisories?name=MDVSA-2010:207 RHSA-2010:0787 https://rhn.redhat.com/errata/RHSA-2010-0787.html RHSA-2010:0872 http://www.redhat.com/support/errata/RHSA-2010-0872.html SUSE-SA:2010:052 https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html USN-1009-1 http://www.ubuntu.com/usn/USN-1009-1 VU#537223 http://www.kb.cert.org/vuls/id/537223 [libc-hacker] 20101018 [PATCH] Never expand $ORIGIN in privileged programs http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html http://support.avaya.com/css/P8/documents/100120941 http://www.vmware.com/security/advisories/VMSA-2011-0001.html https://bugzilla.redhat.com/show_bug.cgi?id=643306
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.