English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.72073
Category:Mandrake Local Security Checks
Title:Mandriva Security Advisory MDVSA-2011:179 (glibc)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to glibc
announced via advisory MDVSA-2011:179.

Multiple vulnerabilities was discovered and fixed in glibc:

The addmntent function in the GNU C Library (aka glibc or libc6) 2.13
and earlier does not report an error status for failed attempts to
write to the /etc/mtab file, which makes it easier for local users
to trigger corruption of this file, as demonstrated by writes from
a process with a small RLIMIT_FSIZE value, a different vulnerability
than CVE-2010-0296 (CVE-2011-1089).

Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or
libc6) 2.13 and earlier allows context-dependent attackers to cause a
denial of service (application crash) via a long UTF8 string that is
used in an fnmatch call with a crafted pattern argument, a different
vulnerability than CVE-2011-1071 (CVE-2011-1659).

crypt_blowfish before 1.1, as used in glibc on certain platforms,
does not properly handle 8-bit characters, which makes it easier
for context-dependent attackers to determine a cleartext password by
leveraging knowledge of a password hash (CVE-2011-2483).

The updated packages have been patched to correct these issues.

Affected: 2011.

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:179

Risk factor : High

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-0296
1024043
http://securitytracker.com/id?1024043
20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console
http://www.securityfocus.com/archive/1/520102/100/0/threaded
20190612 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
http://seclists.org/fulldisclosure/2019/Jun/18
20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series
https://seclists.org/bugtraq/2019/Jun/14
39900
http://secunia.com/advisories/39900
43830
http://secunia.com/advisories/43830
46397
http://secunia.com/advisories/46397
ADV-2010-1246
http://www.vupen.com/english/advisories/2010/1246
ADV-2011-0863
http://www.vupen.com/english/advisories/2011/0863
DSA-2058
http://www.debian.org/security/2010/dsa-2058
GLSA-201011-01
http://security.gentoo.org/glsa/glsa-201011-01.xml
MDVSA-2010:111
http://www.mandriva.com/security/advisories?name=MDVSA-2010:111
MDVSA-2010:112
http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
RHSA-2011:0412
http://www.redhat.com/support/errata/RHSA-2011-0412.html
SUSE-SA:2010:052
https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html
USN-944-1
http://www.ubuntu.com/usn/USN-944-1
gnuclibrary-encodenamemacro-dos(59240)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59240
http://frugalware.org/security/662
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=ab00f4eac8f4932211259ff87be83144f5211540
http://www.vmware.com/security/advisories/VMSA-2011-0012.html
https://bugzilla.redhat.com/show_bug.cgi?id=559579
Common Vulnerability Exposure (CVE) ID: CVE-2011-1089
46740
http://www.securityfocus.com/bid/46740
MDVSA-2011:178
http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
MDVSA-2011:179
http://www.mandriva.com/security/advisories?name=MDVSA-2011:179
RHSA-2011:1526
http://www.redhat.com/support/errata/RHSA-2011-1526.html
[oss-security] 20110303 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/04/11
[oss-security] 20110303 Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/04/9
[oss-security] 20110304 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/04/10
http://openwall.com/lists/oss-security/2011/03/04/12
[oss-security] 20110305 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/05/3
http://openwall.com/lists/oss-security/2011/03/05/7
[oss-security] 20110307 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/07/9
[oss-security] 20110314 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/14/16
http://openwall.com/lists/oss-security/2011/03/14/5
http://openwall.com/lists/oss-security/2011/03/14/7
[oss-security] 20110315 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/15/6
[oss-security] 20110322 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/22/4
http://openwall.com/lists/oss-security/2011/03/22/6
[oss-security] 20110331 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/03/31/3
http://openwall.com/lists/oss-security/2011/03/31/4
[oss-security] 20110401 Re: Suid mount helpers fail to anticipate RLIMIT_FSIZE
http://openwall.com/lists/oss-security/2011/04/01/2
http://sourceware.org/bugzilla/show_bug.cgi?id=12625
https://bugzilla.redhat.com/show_bug.cgi?id=688980
Common Vulnerability Exposure (CVE) ID: CVE-2011-1071
1025290
http://securitytracker.com/id?1025290
20110224 glibc and alloca()
http://seclists.org/fulldisclosure/2011/Feb/635
20110226 Re: glibc and alloca()
http://seclists.org/fulldisclosure/2011/Feb/644
43492
http://secunia.com/advisories/43492
43989
http://secunia.com/advisories/43989
46563
http://www.securityfocus.com/bid/46563
8175
http://securityreason.com/securityalert/8175
RHSA-2011:0413
http://www.redhat.com/support/errata/RHSA-2011-0413.html
[oss-security] 20110228 Re: cve request: eglibc memory corruption
http://openwall.com/lists/oss-security/2011/02/28/11
http://openwall.com/lists/oss-security/2011/02/28/15
[oss-security] 20110228 cve request: eglibc memory corruption
http://openwall.com/lists/oss-security/2011/02/26/3
http://bugs.debian.org/615120
http://code.google.com/p/chromium/issues/detail?id=48733
http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html
http://sourceware.org/bugzilla/show_bug.cgi?id=11883
http://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=f15ce4d8dc139523fe0c273580b604b2453acba6
https://bugzilla.redhat.com/show_bug.cgi?id=681054
oval:org.mitre.oval:def:12853
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12853
Common Vulnerability Exposure (CVE) ID: CVE-2011-1659
Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search)
http://www.securitytracker.com/id?1025450
http://secunia.com/advisories/44353
XForce ISS Database: gnuclibrary-fnmatch-dos(66819)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66819
Common Vulnerability Exposure (CVE) ID: CVE-2011-2483
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
BugTraq ID: 49241
http://www.securityfocus.com/bid/49241
Debian Security Information: DSA-2340 (Google Search)
http://www.debian.org/security/2011/dsa-2340
Debian Security Information: DSA-2399 (Google Search)
http://www.debian.org/security/2012/dsa-2399
http://www.mandriva.com/security/advisories?name=MDVSA-2011:165
http://www.mandriva.com/security/advisories?name=MDVSA-2011:180
http://freshmeat.net/projects/crypt_blowfish
http://www.redhat.com/support/errata/RHSA-2011-1377.html
http://www.redhat.com/support/errata/RHSA-2011-1378.html
http://www.redhat.com/support/errata/RHSA-2011-1423.html
SuSE Security Announcement: SUSE-SA:2011:035 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html
http://www.ubuntu.com/usn/USN-1229-1
XForce ISS Database: php-cryptblowfish-info-disclosure(69319)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69319
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.