Test ID:	1.3.6.1.4.1.25623.1.0.69035
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 201011-01 (glibc)
Summary:	The remote host is missing updates announced in;advisory GLSA 201011-01.
Description:	Summary: The remote host is missing updates announced in advisory GLSA 201011-01. Vulnerability Insight: Multiple vulnerabilities were found in glibc, the worst of which allowing local attackers to execute arbitrary code as root. Solution: All GNU C library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=sys-libs/glibc-2.11.2-r3' CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4880 BugTraq ID: 36443 http://www.securityfocus.com/bid/36443 Debian Security Information: DSA-2058 (Google Search) http://www.debian.org/security/2010/dsa-2058 http://security.gentoo.org/glsa/glsa-201011-01.xml http://www.mandriva.com/security/advisories?name=MDVSA-2010:111 http://www.mandriva.com/security/advisories?name=MDVSA-2010:112 https://bugzilla.redhat.com/show_bug.cgi?id=524671 http://secunia.com/advisories/39900 http://securityreason.com/achievement_securityalert/67 http://www.ubuntu.com/usn/USN-944-1 http://www.vupen.com/english/advisories/2010/1246 XForce ISS Database: gnuclibrary-strfmon-overflow(59242) https://exchange.xforce.ibmcloud.com/vulnerabilities/59242 Common Vulnerability Exposure (CVE) ID: CVE-2009-4881 XForce ISS Database: gnuclibrary-vstrfmonl-overflow(59241) https://exchange.xforce.ibmcloud.com/vulnerabilities/59241 Common Vulnerability Exposure (CVE) ID: CVE-2010-0296 1024043 http://securitytracker.com/id?1024043 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console http://www.securityfocus.com/archive/1/520102/100/0/threaded 20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series http://seclists.org/fulldisclosure/2019/Jun/18 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series https://seclists.org/bugtraq/2019/Jun/14 39900 43830 http://secunia.com/advisories/43830 46397 http://secunia.com/advisories/46397 ADV-2010-1246 ADV-2011-0863 http://www.vupen.com/english/advisories/2011/0863 DSA-2058 GLSA-201011-01 MDVSA-2010:111 MDVSA-2010:112 RHSA-2011:0412 http://www.redhat.com/support/errata/RHSA-2011-0412.html SUSE-SA:2010:052 https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html USN-944-1 gnuclibrary-encodenamemacro-dos(59240) https://exchange.xforce.ibmcloud.com/vulnerabilities/59240 http://frugalware.org/security/662 http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ab00f4eac8f4932211259ff87be83144f5211540 http://www.vmware.com/security/advisories/VMSA-2011-0012.html https://bugzilla.redhat.com/show_bug.cgi?id=559579 Common Vulnerability Exposure (CVE) ID: CVE-2010-0830 BugTraq ID: 40063 http://www.securityfocus.com/bid/40063 http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html http://securitytracker.com/id?1024044 SuSE Security Announcement: SUSE-SA:2010:052 (Google Search) XForce ISS Database: glibc-elf-code-execution(58915) https://exchange.xforce.ibmcloud.com/vulnerabilities/58915 Common Vulnerability Exposure (CVE) ID: CVE-2010-3847 20101018 The GNU C library dynamic linker expands $ORIGIN in setuid library search path http://seclists.org/fulldisclosure/2010/Oct/257 20101019 Re: The GNU C library dynamic linker expands $ORIGIN in setuid library search path http://seclists.org/fulldisclosure/2010/Oct/292 20101020 Re: The GNU C library dynamic linker expands $ORIGIN in setuid library search path http://seclists.org/fulldisclosure/2010/Oct/294 20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap http://www.securityfocus.com/archive/1/515545/100/0/threaded 42787 http://secunia.com/advisories/42787 44024 https://www.exploit-db.com/exploits/44024/ 44025 https://www.exploit-db.com/exploits/44025/ 44154 http://www.securityfocus.com/bid/44154 ADV-2011-0025 http://www.vupen.com/english/advisories/2011/0025 DSA-2122 http://www.debian.org/security/2010/dsa-2122 MDVSA-2010:207 http://www.mandriva.com/security/advisories?name=MDVSA-2010:207 RHSA-2010:0787 https://rhn.redhat.com/errata/RHSA-2010-0787.html RHSA-2010:0872 http://www.redhat.com/support/errata/RHSA-2010-0872.html USN-1009-1 http://www.ubuntu.com/usn/USN-1009-1 VU#537223 http://www.kb.cert.org/vuls/id/537223 [libc-hacker] 20101018 [PATCH] Never expand $ORIGIN in privileged programs http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html http://support.avaya.com/css/P8/documents/100120941 http://www.vmware.com/security/advisories/VMSA-2011-0001.html https://bugzilla.redhat.com/show_bug.cgi?id=643306 Common Vulnerability Exposure (CVE) ID: CVE-2010-3856 http://seclists.org/fulldisclosure/2023/Jul/31 http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html 20101022 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads. http://seclists.org/fulldisclosure/2010/Oct/344 44347 http://www.securityfocus.com/bid/44347 MDVSA-2010:212 http://www.mandriva.com/security/advisories?name=MDVSA-2010:212 RHSA-2010:0793 https://rhn.redhat.com/errata/RHSA-2010-0793.html [libc-hacker] 20101022 [PATCH] Require suid bit on audit objects in privileged programs http://sourceware.org/ml/libc-hacker/2010-10/msg00010.html http://support.avaya.com/css/P8/documents/100121017 https://bugzilla.redhat.com/show_bug.cgi?id=645672 http://www.openwall.com/lists/oss-security/2023/07/19/9 http://www.openwall.com/lists/oss-security/2023/07/20/1
Copyright	Copyright (C) 2011 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.