 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.881476 |
| Categoría: | CentOS Local Security Checks |
| Título: | CentOS Update for glibc CESA-2012:1207 centos5 |
| Resumen: | The remote host is missing an update for the 'glibc'; package(s) announced via the referenced advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'glibc' package(s) announced via the referenced advisory. Vulnerability Insight: The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly. Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code. (CVE-2012-3480) This update also fixes the following bug: * Previously, logic errors in various mathematical functions, including exp, exp2, expf, exp2f, pow, sin, tan, and rint, caused inconsistent results when the functions were used with the non-default rounding mode. This could also cause applications to crash in some cases. With this update, the functions now give correct results across the four different rounding modes. (BZ#839411) All users of glibc are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Affected Software/OS: glibc on CentOS 5 Solution: Please install the updated packages. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-3480 1027374 http://www.securitytracker.com/id?1027374 50201 http://secunia.com/advisories/50201 50422 http://secunia.com/advisories/50422 54982 http://www.securityfocus.com/bid/54982 84710 http://osvdb.org/84710 FEDORA-2012-11927 http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085190.html GLSA-201503-04 https://security.gentoo.org/glsa/201503-04 RHSA-2012:1207 http://rhn.redhat.com/errata/RHSA-2012-1207.html RHSA-2012:1208 http://rhn.redhat.com/errata/RHSA-2012-1208.html RHSA-2012:1262 http://rhn.redhat.com/errata/RHSA-2012-1262.html RHSA-2012:1325 http://rhn.redhat.com/errata/RHSA-2012-1325.html USN-1589-1 http://www.ubuntu.com/usn/USN-1589-1 [libc-alpha] 20120812 Fix strtod integer/buffer overflow (bug 14459) http://sourceware.org/ml/libc-alpha/2012-08/msg00202.html [oss-security] 20120813 CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines http://www.openwall.com/lists/oss-security/2012/08/13/4 [oss-security] 20120813 Re: CVE Request -- glibc: Integer overflows, leading to stack-based buffer overflows in strto* related routines http://www.openwall.com/lists/oss-security/2012/08/13/6 http://sourceware.org/bugzilla/show_bug.cgi?id=14459 |
| Copyright | Copyright (C) 2012 Greenbone AG |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |