Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.831500
Category:Mandrake Local Security Checks
Title:Mandriva Update for glibc MDVSA-2011:178 (glibc)
Summary:The remote host is missing an update for the 'glibc'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'glibc'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Multiple vulnerabilities was discovered and fixed in glibc:
Multiple untrusted search path vulnerabilities in elf/dl-object.c in
certain modified versions of the GNU C Library (aka glibc or libc6),
including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat
Enterprise Linux, allow local users to gain privileges via a crafted
dynamic shared object (DSO) in a subdirectory of the current working
directory during execution of a (1) setuid or (2) setgid program that
has in (a) RPATH or (b) RUNPATH. NOTE: this issue exists because
of an incorrect fix for CVE-2010-3847 (CVE-2011-0536).

The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC
(EGLIBC) allow context-dependent attackers to execute arbitrary code
or cause a denial of service (memory consumption) via a long UTF8
string that is used in an fnmatch call, aka a stack extension attack,
a related issue to CVE-2010-2898, as originally reported for use of
this library by Google Chrome (CVE-2011-1071).

The addmntent function in the GNU C Library (aka glibc or libc6) 2.13
and earlier does not report an error status for failed attempts to
write to the /etc/mtab file, which makes it easier for local users
to trigger corruption of this file, as demonstrated by writes from
a process with a small RLIMIT_FSIZE value, a different vulnerability
than CVE-2010-0296 (CVE-2011-1089).

locale/programs/locale.c in locale in the GNU C Library (aka glibc
or libc6) before 2.13 does not quote its output, which might allow
local users to gain privileges via a crafted localization environment
variable, in conjunction with a program that executes a script that
uses the eval function (CVE-2011-1095).

Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or
libc6) 2.13 and earlier allows context-dependent attackers to cause a
denial of service (application crash) via a long UTF8 string that is
used in an fnmatch call with a crafted pattern argument, a different
vulnerability than CVE-2011-1071 (CVE-2011-1659).

crypt_blowfish before 1.1, as used in glibc on certain platforms,
does not properly handle 8-bit characters, which makes it easier
for context-dependent attackers to determine a cleartext password by
leveraging knowledge of a password hash (CVE-2011-2483).

The updated packages have been patched to correct these issues.

Affected Software/OS:
glibc on Mandriva Linux 2010.1,
Mandriva Linux 2010.1/X86_64,
Mandriva Enterprise Server 5,
Mandriva Enterprise Server 5/X86_64

Solution:
Please Install the Updated Packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-3847
BugTraq ID: 44154
http://www.securityfocus.com/bid/44154
Bugtraq: 20110105 VMSA-2011-0001 VMware ESX third party updates for Service Console packages glibc, sudo, and openldap (Google Search)
http://www.securityfocus.com/archive/1/515545/100/0/threaded
CERT/CC vulnerability note: VU#537223
http://www.kb.cert.org/vuls/id/537223
Debian Security Information: DSA-2122 (Google Search)
http://www.debian.org/security/2010/dsa-2122
https://www.exploit-db.com/exploits/44024/
https://www.exploit-db.com/exploits/44025/
http://seclists.org/fulldisclosure/2010/Oct/257
http://seclists.org/fulldisclosure/2010/Oct/292
http://seclists.org/fulldisclosure/2010/Oct/294
http://security.gentoo.org/glsa/glsa-201011-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:207
http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html
RedHat Security Advisories: RHSA-2010:0787
https://rhn.redhat.com/errata/RHSA-2010-0787.html
http://www.redhat.com/support/errata/RHSA-2010-0872.html
http://secunia.com/advisories/42787
SuSE Security Announcement: SUSE-SA:2010:052 (Google Search)
https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html
http://www.ubuntu.com/usn/USN-1009-1
http://www.vupen.com/english/advisories/2011/0025
Common Vulnerability Exposure (CVE) ID: CVE-2011-0536
Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search)
http://www.securityfocus.com/archive/1/520102/100/0/threaded
Debian Security Information: DSA-2122-2 (Google Search)
http://lists.debian.org/debian-security-announce/2011/msg00005.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
http://openwall.com/lists/oss-security/2011/02/01/3
http://openwall.com/lists/oss-security/2011/02/03/2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13086
http://www.redhat.com/support/errata/RHSA-2011-0412.html
http://www.redhat.com/support/errata/RHSA-2011-0413.html
http://securitytracker.com/id?1025289
http://secunia.com/advisories/43830
http://secunia.com/advisories/43989
http://secunia.com/advisories/46397
http://www.ubuntu.com/usn/USN-1009-2
http://www.vupen.com/english/advisories/2011/0863
Common Vulnerability Exposure (CVE) ID: CVE-2010-2898
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12104
http://secunia.com/advisories/40743
Common Vulnerability Exposure (CVE) ID: CVE-2011-1071
BugTraq ID: 46563
http://www.securityfocus.com/bid/46563
http://seclists.org/fulldisclosure/2011/Feb/635
http://seclists.org/fulldisclosure/2011/Feb/644
http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html
http://openwall.com/lists/oss-security/2011/02/28/11
http://openwall.com/lists/oss-security/2011/02/28/15
http://openwall.com/lists/oss-security/2011/02/26/3
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12853
http://securitytracker.com/id?1025290
http://secunia.com/advisories/43492
http://securityreason.com/securityalert/8175
Common Vulnerability Exposure (CVE) ID: CVE-2010-0296
Bugtraq: 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (Google Search)
https://seclists.org/bugtraq/2019/Jun/14
Debian Security Information: DSA-2058 (Google Search)
http://www.debian.org/security/2010/dsa-2058
http://seclists.org/fulldisclosure/2019/Jun/18
http://www.mandriva.com/security/advisories?name=MDVSA-2010:111
http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
http://securitytracker.com/id?1024043
http://secunia.com/advisories/39900
http://www.ubuntu.com/usn/USN-944-1
http://www.vupen.com/english/advisories/2010/1246
XForce ISS Database: gnuclibrary-encodenamemacro-dos(59240)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59240
Common Vulnerability Exposure (CVE) ID: CVE-2011-1089
BugTraq ID: 46740
http://www.securityfocus.com/bid/46740
http://www.mandriva.com/security/advisories?name=MDVSA-2011:179
http://sourceware.org/bugzilla/show_bug.cgi?id=12625
https://bugzilla.redhat.com/show_bug.cgi?id=688980
http://openwall.com/lists/oss-security/2011/03/04/11
http://openwall.com/lists/oss-security/2011/03/04/9
http://openwall.com/lists/oss-security/2011/03/04/10
http://openwall.com/lists/oss-security/2011/03/04/12
http://openwall.com/lists/oss-security/2011/03/05/3
http://openwall.com/lists/oss-security/2011/03/05/7
http://openwall.com/lists/oss-security/2011/03/07/9
http://openwall.com/lists/oss-security/2011/03/14/16
http://openwall.com/lists/oss-security/2011/03/14/5
http://openwall.com/lists/oss-security/2011/03/14/7
http://openwall.com/lists/oss-security/2011/03/15/6
http://openwall.com/lists/oss-security/2011/03/22/4
http://openwall.com/lists/oss-security/2011/03/22/6
http://openwall.com/lists/oss-security/2011/03/31/3
http://openwall.com/lists/oss-security/2011/03/31/4
http://openwall.com/lists/oss-security/2011/04/01/2
http://www.redhat.com/support/errata/RHSA-2011-1526.html
Common Vulnerability Exposure (CVE) ID: CVE-2011-1095
http://openwall.com/lists/oss-security/2011/03/08/21
http://openwall.com/lists/oss-security/2011/03/08/22
http://openwall.com/lists/oss-security/2011/03/08/8
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12272
http://securitytracker.com/id?1025286
http://secunia.com/advisories/43976
Common Vulnerability Exposure (CVE) ID: CVE-2011-1659
http://code.google.com/p/chromium/issues/detail?id=48733
http://www.securitytracker.com/id?1025450
http://secunia.com/advisories/44353
XForce ISS Database: gnuclibrary-fnmatch-dos(66819)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66819
Common Vulnerability Exposure (CVE) ID: CVE-2011-2483
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
BugTraq ID: 49241
http://www.securityfocus.com/bid/49241
Debian Security Information: DSA-2340 (Google Search)
http://www.debian.org/security/2011/dsa-2340
Debian Security Information: DSA-2399 (Google Search)
http://www.debian.org/security/2012/dsa-2399
http://www.mandriva.com/security/advisories?name=MDVSA-2011:165
http://www.mandriva.com/security/advisories?name=MDVSA-2011:180
http://freshmeat.net/projects/crypt_blowfish
http://www.redhat.com/support/errata/RHSA-2011-1377.html
http://www.redhat.com/support/errata/RHSA-2011-1378.html
http://www.redhat.com/support/errata/RHSA-2011-1423.html
SuSE Security Announcement: SUSE-SA:2011:035 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html
http://www.ubuntu.com/usn/USN-1229-1
XForce ISS Database: php-cryptblowfish-info-disclosure(69319)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69319
CopyrightCopyright (c) 2011 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.