 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.881991 |
| Categoría: | CentOS Local Security Checks |
| Título: | CentOS Update for glibc CESA-2014:1110 centos5 |
| Resumen: | The remote host is missing an update for the 'glibc'; package(s) announced via the referenced advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'glibc' package(s) announced via the referenced advisory. Vulnerability Insight: The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-5119) A directory traversal flaw was found in the way glibc loaded locale files. An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application. (CVE-2014-0475) Red Hat would like to thank Stephane Chazelas for reporting CVE-2014-0475. All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at the linked references. 5. Bugs fixed: 1102353 - CVE-2014-0475 glibc: directory traversal in LC_* locale handling 1119128 - CVE-2014-5119 glibc: off-by-one error leading to a heap-based buffer overflow flaw in __gconv_translit_find() 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: glibc-2.5-118.el5_10.3.src.rpm i386: glibc-2.5-118.el5_10.3.i386.rpm glibc-2.5-118.el5_10.3.i686.rpm glibc-common-2.5-118.el5_10.3.i386.rpm glibc-debuginfo-2.5-118.el5_10.3.i386.rpm glibc-debuginfo-2.5-118.el5_10.3.i686.rpm glibc-debuginfo-common-2.5-118.el5_10.3.i386.rpm glibc-devel-2.5-118.el5_10.3.i386.rpm glibc-headers-2.5-118.el5_10.3.i386.rpm glibc-utils-2.5-118.el5_10.3.i386.rpm nscd-2.5-118.el5_10.3.i386.rpm x86_64: glibc-2.5-118.el5_10.3.i686.rpm glibc-2.5-118.el5_10.3.x86_64.rpm glibc-common-2.5-118.el5_10.3.x86_64.rpm glibc-debuginfo-2.5-118.el5_10.3.i386.rpm glibc-debuginfo-2.5-118.el5_10.3.i686.rpm glibc-debuginfo-2.5-118.el5_10.3.x86_64.rpm glibc-debuginfo-common-2.5-118.el5_10.3.i386.rpm glibc-devel-2.5-118.el5_10.3.i386.rpm glibc-devel-2.5-118.el5_10.3.x86_64.rpm glibc-headers-2 ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: glibc on CentOS 5 Solution: Please install the updated packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-0475 BugTraq ID: 68505 http://www.securityfocus.com/bid/68505 Debian Security Information: DSA-2976 (Google Search) http://www.debian.org/security/2014/dsa-2976 https://security.gentoo.org/glsa/201602-02 http://www.mandriva.com/security/advisories?name=MDVSA-2014:152 http://www.openwall.com/lists/oss-security/2014/07/10/7 http://www.openwall.com/lists/oss-security/2014/07/14/6 RedHat Security Advisories: RHSA-2014:1110 https://rhn.redhat.com/errata/RHSA-2014-1110.html http://www.securitytracker.com/id/1030569 Common Vulnerability Exposure (CVE) ID: CVE-2014-5119 20140826 CVE-2014-5119 glibc __gconv_translit_find() exploit http://seclists.org/fulldisclosure/2014/Aug/69 20140910 Cisco Unified Communications Manager glibc Arbitrary Code Execution Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-5119 60345 http://secunia.com/advisories/60345 60358 http://secunia.com/advisories/60358 60441 http://secunia.com/advisories/60441 61074 http://secunia.com/advisories/61074 61093 http://secunia.com/advisories/61093 68983 http://www.securityfocus.com/bid/68983 69738 http://www.securityfocus.com/bid/69738 DSA-3012 http://www.debian.org/security/2014/dsa-3012 GLSA-201602-02 MDVSA-2014:175 http://www.mandriva.com/security/advisories?name=MDVSA-2014:175 RHSA-2014:1110 RHSA-2014:1118 http://rhn.redhat.com/errata/RHSA-2014-1118.html SUSE-SU-2014:1125 http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html [oss-security] 20170713 Re: [CVE Request] glibc iconv_open buffer overflow (was: Re: Re: glibc locale issues) http://www.openwall.com/lists/oss-security/2014/08/13/5 [oss-security] 20170713 glibc locale issues http://www.openwall.com/lists/oss-security/2014/07/14/1 http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html http://linux.oracle.com/errata/ELSA-2015-0092.html http://www-01.ibm.com/support/docview.wss?uid=swg21685604 https://code.google.com/p/google-security-research/issues/detail?id=96 https://sourceware.org/bugzilla/show_bug.cgi?id=17187 |
| Copyright | Copyright (C) 2014 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |