Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0072)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2015.0072

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2015-0072)

Resumen: The remote host is missing an update for the 'glibc' package(s) announced via the MGASA-2015-0072 advisory.

Descripción: Summary:
The remote host is missing an update for the 'glibc' package(s) announced via the MGASA-2015-0072 advisory.

Vulnerability Insight:
Under certain conditions wscanf can allocate too little memory for the
to-be-scanned arguments and overflow the allocated buffer (CVE-2015-1472).

The incorrect use of '__libc_use_alloca (newsize)' caused a different
(and weaker) policy to be enforced which could allow a denial of service
attack (CVE-2015-1473).

Affected Software/OS:
'glibc' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-1472
BugTraq ID: 72428
http://www.securityfocus.com/bid/72428
Bugtraq: 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (Google Search)
https://seclists.org/bugtraq/2019/Jun/14
Bugtraq: 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X (Google Search)
https://seclists.org/bugtraq/2019/Sep/7
http://seclists.org/fulldisclosure/2019/Jun/18
http://seclists.org/fulldisclosure/2019/Sep/7
https://security.gentoo.org/glsa/201602-02
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html
http://openwall.com/lists/oss-security/2015/02/04/1
http://www.ubuntu.com/usn/USN-2519-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-1473
BugTraq ID: 72499
http://www.securityfocus.com/bid/72499

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2015.0072
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0072)
Resumen:	The remote host is missing an update for the 'glibc' package(s) announced via the MGASA-2015-0072 advisory.
Descripción:	Summary: The remote host is missing an update for the 'glibc' package(s) announced via the MGASA-2015-0072 advisory. Vulnerability Insight: Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer (CVE-2015-1472). The incorrect use of '__libc_use_alloca (newsize)' caused a different (and weaker) policy to be enforced which could allow a denial of service attack (CVE-2015-1473). Affected Software/OS: 'glibc' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1472 BugTraq ID: 72428 http://www.securityfocus.com/bid/72428 Bugtraq: 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (Google Search) https://seclists.org/bugtraq/2019/Jun/14 Bugtraq: 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X (Google Search) https://seclists.org/bugtraq/2019/Sep/7 http://seclists.org/fulldisclosure/2019/Jun/18 http://seclists.org/fulldisclosure/2019/Sep/7 https://security.gentoo.org/glsa/201602-02 http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html http://openwall.com/lists/oss-security/2015/02/04/1 http://www.ubuntu.com/usn/USN-2519-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-1473 BugTraq ID: 72499 http://www.securityfocus.com/bid/72499
Copyright	Copyright (C) 2022 Greenbone AG