English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.703169
Category:Debian Local Security Checks
Title:Debian: Security Advisory (DSA-3169-1)
Summary:The remote host is missing an update for the Debian 'eglibc' package(s) announced via the DSA-3169-1 advisory.
Description:Summary:
The remote host is missing an update for the Debian 'eglibc' package(s) announced via the DSA-3169-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library:

CVE-2012-3406

The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not properly restrict the use of the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.

CVE-2013-7424

An invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support.

CVE-2014-4043

The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.

CVE-2014-9402

The getnetbyname function in glibc 2.21 or earlier will enter an infinite loop if the DNS backend is activated in the system Name Service Switch configuration, and the DNS resolver receives a positive answer while processing the network name.

CVE-2015-1472 / CVE-2015-1473 Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer. The incorrect use of '__libc_use_alloca (newsize)' caused a different (and weaker) policy to be enforced which could allow a denial of service attack.

For the stable distribution (wheezy), these issues are fixed in version 2.13-38+deb7u8 of the eglibc package.

For the unstable distribution (sid), all the above issues are fixed in version 2.19-15 of the glibc package.

We recommend that you upgrade your eglibc packages.

Affected Software/OS:
'eglibc' package(s) on Debian 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-3406
GLSA-201503-04
https://security.gentoo.org/glsa/201503-04
RHSA-2012:1097
http://rhn.redhat.com/errata/RHSA-2012-1097.html
RHSA-2012:1098
http://rhn.redhat.com/errata/RHSA-2012-1098.html
RHSA-2012:1185
http://rhn.redhat.com/errata/RHSA-2012-1185.html
RHSA-2012:1200
http://rhn.redhat.com/errata/RHSA-2012-1200.html
USN-1589-1
http://www.ubuntu.com/usn/USN-1589-1
[oss-security] 20120711 Re: CVE request: glibc formatted printing vulnerabilities
http://www.openwall.com/lists/oss-security/2012/07/11/17
https://bugzilla.redhat.com/attachment.cgi?id=594722
https://bugzilla.redhat.com/show_bug.cgi?id=826943
Common Vulnerability Exposure (CVE) ID: CVE-2013-7424
BugTraq ID: 72710
http://www.securityfocus.com/bid/72710
http://www.openwall.com/lists/oss-security/2015/01/29/21
RedHat Security Advisories: RHSA-2015:1627
http://rhn.redhat.com/errata/RHSA-2015-1627.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-4043
BugTraq ID: 68006
http://www.securityfocus.com/bid/68006
Bugtraq: 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (Google Search)
https://seclists.org/bugtraq/2019/Jun/14
Bugtraq: 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X (Google Search)
https://seclists.org/bugtraq/2019/Sep/7
http://seclists.org/fulldisclosure/2019/Jun/18
http://seclists.org/fulldisclosure/2019/Sep/7
http://www.mandriva.com/security/advisories?name=MDVSA-2014:152
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
SuSE Security Announcement: openSUSE-SU-2015:1387 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html
XForce ISS Database: gnuclibrary-cve20144043-code-exec(93784)
https://exchange.xforce.ibmcloud.com/vulnerabilities/93784
Common Vulnerability Exposure (CVE) ID: CVE-2014-9402
20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
71670
http://www.securityfocus.com/bid/71670
GLSA-201602-02
https://security.gentoo.org/glsa/201602-02
RHSA-2018:0805
https://access.redhat.com/errata/RHSA-2018:0805
USN-2519-1
http://www.ubuntu.com/usn/USN-2519-1
[oss-security] 20141217 Re: CVE request: glibc
http://www.openwall.com/lists/oss-security/2014/12/18/1
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
https://sourceware.org/bugzilla/show_bug.cgi?id=17630
openSUSE-SU-2015:0351
http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-1472
BugTraq ID: 72428
http://www.securityfocus.com/bid/72428
https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html
http://openwall.com/lists/oss-security/2015/02/04/1
Common Vulnerability Exposure (CVE) ID: CVE-2015-1473
BugTraq ID: 72499
http://www.securityfocus.com/bid/72499
CopyrightCopyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.