Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.72073
Category:Mandrake Local Security Checks
Title:Mandriva Security Advisory MDVSA-2011:179 (glibc)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to glibc
announced via advisory MDVSA-2011:179.

Multiple vulnerabilities was discovered and fixed in glibc:

The addmntent function in the GNU C Library (aka glibc or libc6) 2.13
and earlier does not report an error status for failed attempts to
write to the /etc/mtab file, which makes it easier for local users
to trigger corruption of this file, as demonstrated by writes from
a process with a small RLIMIT_FSIZE value, a different vulnerability
than CVE-2010-0296 (CVE-2011-1089).

Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or
libc6) 2.13 and earlier allows context-dependent attackers to cause a
denial of service (application crash) via a long UTF8 string that is
used in an fnmatch call with a crafted pattern argument, a different
vulnerability than CVE-2011-1071 (CVE-2011-1659).

crypt_blowfish before 1.1, as used in glibc on certain platforms,
does not properly handle 8-bit characters, which makes it easier
for context-dependent attackers to determine a cleartext password by
leveraging knowledge of a password hash (CVE-2011-2483).

The updated packages have been patched to correct these issues.

Affected: 2011.

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:179

Risk factor : High

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-0296
Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search)
http://www.securityfocus.com/archive/1/520102/100/0/threaded
Bugtraq: 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (Google Search)
https://seclists.org/bugtraq/2019/Jun/14
Debian Security Information: DSA-2058 (Google Search)
http://www.debian.org/security/2010/dsa-2058
http://seclists.org/fulldisclosure/2019/Jun/18
http://security.gentoo.org/glsa/glsa-201011-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:111
http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
http://www.redhat.com/support/errata/RHSA-2011-0412.html
http://securitytracker.com/id?1024043
http://secunia.com/advisories/39900
http://secunia.com/advisories/43830
http://secunia.com/advisories/46397
SuSE Security Announcement: SUSE-SA:2010:052 (Google Search)
https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html
http://www.ubuntu.com/usn/USN-944-1
http://www.vupen.com/english/advisories/2010/1246
http://www.vupen.com/english/advisories/2011/0863
XForce ISS Database: gnuclibrary-encodenamemacro-dos(59240)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59240
Common Vulnerability Exposure (CVE) ID: CVE-2011-1089
BugTraq ID: 46740
http://www.securityfocus.com/bid/46740
http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
http://www.mandriva.com/security/advisories?name=MDVSA-2011:179
http://sourceware.org/bugzilla/show_bug.cgi?id=12625
https://bugzilla.redhat.com/show_bug.cgi?id=688980
http://openwall.com/lists/oss-security/2011/03/04/11
http://openwall.com/lists/oss-security/2011/03/04/9
http://openwall.com/lists/oss-security/2011/03/04/10
http://openwall.com/lists/oss-security/2011/03/04/12
http://openwall.com/lists/oss-security/2011/03/05/3
http://openwall.com/lists/oss-security/2011/03/05/7
http://openwall.com/lists/oss-security/2011/03/07/9
http://openwall.com/lists/oss-security/2011/03/14/16
http://openwall.com/lists/oss-security/2011/03/14/5
http://openwall.com/lists/oss-security/2011/03/14/7
http://openwall.com/lists/oss-security/2011/03/15/6
http://openwall.com/lists/oss-security/2011/03/22/4
http://openwall.com/lists/oss-security/2011/03/22/6
http://openwall.com/lists/oss-security/2011/03/31/3
http://openwall.com/lists/oss-security/2011/03/31/4
http://openwall.com/lists/oss-security/2011/04/01/2
http://www.redhat.com/support/errata/RHSA-2011-1526.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-1071
BugTraq ID: 46563
http://www.securityfocus.com/bid/46563
http://seclists.org/fulldisclosure/2011/Feb/635
http://seclists.org/fulldisclosure/2011/Feb/644
http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html
http://openwall.com/lists/oss-security/2011/02/28/11
http://openwall.com/lists/oss-security/2011/02/28/15
http://openwall.com/lists/oss-security/2011/02/26/3
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12853
http://www.redhat.com/support/errata/RHSA-2011-0413.html
http://securitytracker.com/id?1025290
http://secunia.com/advisories/43492
http://secunia.com/advisories/43989
http://securityreason.com/securityalert/8175
Common Vulnerability Exposure (CVE) ID: CVE-2011-1659
http://code.google.com/p/chromium/issues/detail?id=48733
http://www.securitytracker.com/id?1025450
http://secunia.com/advisories/44353
XForce ISS Database: gnuclibrary-fnmatch-dos(66819)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66819
Common Vulnerability Exposure (CVE) ID: CVE-2011-2483
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
BugTraq ID: 49241
http://www.securityfocus.com/bid/49241
Debian Security Information: DSA-2340 (Google Search)
http://www.debian.org/security/2011/dsa-2340
Debian Security Information: DSA-2399 (Google Search)
http://www.debian.org/security/2012/dsa-2399
http://www.mandriva.com/security/advisories?name=MDVSA-2011:165
http://www.mandriva.com/security/advisories?name=MDVSA-2011:180
http://freshmeat.net/projects/crypt_blowfish
http://www.redhat.com/support/errata/RHSA-2011-1377.html
http://www.redhat.com/support/errata/RHSA-2011-1378.html
http://www.redhat.com/support/errata/RHSA-2011-1423.html
SuSE Security Announcement: SUSE-SA:2011:035 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html
http://www.ubuntu.com/usn/USN-1229-1
XForce ISS Database: php-cryptblowfish-info-disclosure(69319)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69319
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.