ID de Prueba:	1.3.6.1.4.1.25623.1.0.68470
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2010-301-01)
Resumen:	The remote host is missing an update for the 'glibc' package(s) announced via the SSA:2010-301-01 advisory.
Descripción:	Summary: The remote host is missing an update for the 'glibc' package(s) announced via the SSA:2010-301-01 advisory. Vulnerability Insight: New glibc packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue. Here are the details from the Slackware 13.1 ChangeLog: +--------------------------+ patches/packages/glibc-2.11.1-i486-5_slack13.1.txz: Rebuilt. Patched 'The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.' This security issue allows a local attacker to gain root by specifying an unsafe DSO in the library search path to be used with a setuid binary in LD_AUDIT mode. Bug found by Tavis Ormandy (with thanks to Ben Hawkes and Julien Tinnes). For more information, see: [links moved to references] (* Security fix *) patches/packages/glibc-i18n-2.11.1-i486-5_slack13.1.txz: Rebuilt. patches/packages/glibc-profile-2.11.1-i486-5_slack13.1.txz: Rebuilt. patches/packages/glibc-solibs-2.11.1-i486-5_slack13.1.txz: Upgraded. (* Security fix *) patches/packages/glibc-zoneinfo-2.11.1-noarch-5_slack13.1.txz: Upgraded. Rebuilt to tzcode2010n and tzdata2010n. +--------------------------+ Affected Software/OS: 'glibc' package(s) on Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware 13.0, Slackware 13.1, Slackware current. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3856 http://seclists.org/fulldisclosure/2023/Jul/31 http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html 20101022 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads. http://seclists.org/fulldisclosure/2010/Oct/344 20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap http://www.securityfocus.com/archive/1/515545/100/0/threaded 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series http://seclists.org/fulldisclosure/2019/Jun/18 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series https://seclists.org/bugtraq/2019/Jun/14 42787 http://secunia.com/advisories/42787 44025 https://www.exploit-db.com/exploits/44025/ 44347 http://www.securityfocus.com/bid/44347 ADV-2011-0025 http://www.vupen.com/english/advisories/2011/0025 DSA-2122 http://www.debian.org/security/2010/dsa-2122 GLSA-201011-01 http://security.gentoo.org/glsa/glsa-201011-01.xml MDVSA-2010:212 http://www.mandriva.com/security/advisories?name=MDVSA-2010:212 RHSA-2010:0793 https://rhn.redhat.com/errata/RHSA-2010-0793.html RHSA-2010:0872 http://www.redhat.com/support/errata/RHSA-2010-0872.html SUSE-SA:2010:052 https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html USN-1009-1 http://www.ubuntu.com/usn/USN-1009-1 [libc-hacker] 20101022 [PATCH] Require suid bit on audit objects in privileged programs http://sourceware.org/ml/libc-hacker/2010-10/msg00010.html http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://support.avaya.com/css/P8/documents/100121017 http://www.vmware.com/security/advisories/VMSA-2011-0001.html https://bugzilla.redhat.com/show_bug.cgi?id=645672 http://www.openwall.com/lists/oss-security/2023/07/19/9 http://www.openwall.com/lists/oss-security/2023/07/20/1
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.