
Test ID: 1.3.6.1.4.1.25623.1.0.67525
Category: Mandrake Local Security Checks
Title: Mandriva Security Advisory MDVSA-2010:111 (glibc)
Summary: NOSUMMARY
Description:
The remote host is missing an update to glibc
announced via advisory MDVSA-2010:111.

Multiple vulnerabilities were discovered and fixed in glibc:

Multiple integer overflows in the strfmon implementation in
the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow
context-dependent attackers to cause a denial of service (memory
consumption or application crash) via a crafted format string, as
demonstrated by a crafted first argument to the money_format function
in PHP, a related issue to CVE-2008-1391 (CVE-2009-4880).

Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c
in the strfmon implementation in the GNU C Library (aka glibc or
libc6) before 2.10.1 allows context-dependent attackers to cause a
denial of service (application crash) via a crafted format string,
as demonstrated by the %99999999999999999999n string, a related issue
to CVE-2008-1391 (CVE-2009-4881).

nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6)
2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the
passwd.adjunct.byname map to entries in the passwd map, which allows
remote attackers to obtain the encrypted passwords of NIS accounts
by calling the getpwnam function (CVE-2010-0015).

The encode_name macro in misc/mntent_r.c in the GNU C Library (aka
glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs,
does not properly handle newline characters in mountpoint names, which
allows local users to cause a denial of service (mtab corruption),
or possibly modify mount options and gain privileges, via a crafted
mount request (CVE-2010-0296).

Integer signedness error in the elf_get_dynamic_info function
in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or
libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows
user-assisted remote attackers to execute arbitrary code via a crafted
ELF program with a negative value for a certain d_tag structure member
in the ELF header (CVE-2010-0830).

Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

Affected: 2008.0, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0,
Multi Network Firewall 2.0


Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:111

Risk factor: High

CVSS Score: 7.5

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2008-1391
http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html
BugTraq ID: 28479
http://www.securityfocus.com/bid/28479
Bugtraq: 20080327 [securityreason] *BSD libc (strfmon) Multiple vulnerabilities
http://www.securityfocus.com/archive/1/490158/100/0/threaded
Cert/CC Advisory: TA08-350A
http://www.us-cert.gov/cas/techalerts/TA08-350A.html
Debian Security Information: DSA-2058
http://www.debian.org/security/2010/dsa-2058
http://www.securitytracker.com/id?1019722
http://secunia.com/advisories/29574
http://secunia.com/advisories/33179
http://securityreason.com/securityalert/3770
http://securityreason.com/achievement_securityalert/53
SuSE Security Announcement: SUSE-SA:2010:052
https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html
http://www.vupen.com/english/advisories/2008/3444
XForce ISS Database: bsd-strfmon-overflow(41504)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41504
Common Vulnerability Exposure (CVE) ID: CVE-2009-4880
BugTraq ID: 36443
http://www.securityfocus.com/bid/36443
http://security.gentoo.org/glsa/glsa-201011-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:111
http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
https://bugzilla.redhat.com/show_bug.cgi?id=524671
http://secunia.com/advisories/39900
http://securityreason.com/achievement_securityalert/67
http://www.ubuntu.com/usn/USN-944-1
http://www.vupen.com/english/advisories/2010/1246
XForce ISS Database: gnuclibrary-strfmon-overflow(59242)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59242
Common Vulnerability Exposure (CVE) ID: CVE-2009-4881
XForce ISS Database: gnuclibrary-vstrfmonl-overflow(59241)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59241
Common Vulnerability Exposure (CVE) ID: CVE-2010-0015
MDVSA-2010:111
MDVSA-2010:112
SUSE-SA:2010:052
[oss-security] 20100107 CVE id request: GNU libc: NIS shadow password leakage
http://www.openwall.com/lists/oss-security/2010/01/07/3
[oss-security] 20100108 Re: CVE id request: GNU libc: NIS shadow password leakage
http://www.openwall.com/lists/oss-security/2010/01/08/1
[oss-security] 20100109 Re: CVE id request: GNU libc: NIS shadow password leakage
http://www.openwall.com/lists/oss-security/2010/01/08/2
[oss-security] 20100111 Re: CVE id request: GNU libc: NIS shadow password leakage
http://marc.info/?l=oss-security&m=126320356003425&w=2
http://marc.info/?l=oss-security&m=126320570505651&w=2
http://www.openwall.com/lists/oss-security/2010/01/11/6
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560333
http://sourceware.org/bugzilla/show_bug.cgi?id=11134
http://svn.debian.org/viewsvn/pkg-glibc/glibc-package/trunk/debian/patches/any/submitted-nis-shadow.diff?revision=4062&view=markup
Common Vulnerability Exposure (CVE) ID: CVE-2010-0296
1024043
http://securitytracker.com/id?1024043
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console
http://www.securityfocus.com/archive/1/520102/100/0/threaded
20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
http://seclists.org/fulldisclosure/2019/Jun/18
20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
https://seclists.org/bugtraq/2019/Jun/14
39900
43830
http://secunia.com/advisories/43830
46397
http://secunia.com/advisories/46397
ADV-2010-1246
ADV-2011-0863
http://www.vupen.com/english/advisories/2011/0863
DSA-2058
GLSA-201011-01
RHSA-2011:0412
http://www.redhat.com/support/errata/RHSA-2011-0412.html
USN-944-1
gnuclibrary-encodenamemacro-dos(59240)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59240
http://frugalware.org/security/662
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ab00f4eac8f4932211259ff87be83144f5211540
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
https://bugzilla.redhat.com/show_bug.cgi?id=559579
Common Vulnerability Exposure (CVE) ID: CVE-2010-0830
BugTraq ID: 40063
http://www.securityfocus.com/bid/40063
http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html
http://securitytracker.com/id?1024044
XForce ISS Database: glibc-elf-code-execution(58915)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58915
Copyright: Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com





© 1998-2025 E-Soft Inc. All rights reserved.