Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.870545
Category:Red Hat Local Security Checks
Title:RedHat Update for glibc RHSA-2012:0125-01
Summary:The remote host is missing an update for the 'glibc'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'glibc'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The glibc packages contain the standard C libraries used by multiple
programs on the system. These packages contain the standard C and the
standard math libraries. Without these two libraries, a Linux system cannot
function properly.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way the glibc library read timezone files. If a
carefully-crafted timezone file was loaded by an application linked against
glibc, it could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running the application.
(CVE-2009-5029)

A flaw was found in the way the ldd utility identified dynamically linked
libraries. If an attacker could trick a user into running ldd on a
malicious binary, it could result in arbitrary code execution with the
privileges of the user running ldd. (CVE-2009-5064)

It was discovered that the glibc addmntent() function, used by various
mount helper utilities, did not sanitize its input properly. A local
attacker could possibly use this flaw to inject malformed lines into the
mtab (mounted file systems table) file via certain setuid mount helpers, if
the attacker were allowed to mount to an arbitrary directory under their
control. (CVE-2010-0296)

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way the glibc library loaded ELF (Executable and Linking
Format) files. If a carefully-crafted ELF file was loaded by an
application linked against glibc, it could cause the application to crash
or, potentially, execute arbitrary code with the privileges of the user
running the application. (CVE-2010-0830)

It was discovered that the glibc fnmatch() function did not properly
restrict the use of alloca(). If the function was called on sufficiently
large inputs, it could cause an application using fnmatch() to crash or,
possibly, execute arbitrary code with the privileges of the application.
(CVE-2011-1071)

It was found that the glibc addmntent() function, used by various mount
helper utilities, did not handle certain errors correctly when updating the
mtab (mounted file systems table) file. If such utilities had the setuid
bit set, a local attacker could use this flaw to corrupt the mtab file.
(CVE-2011-1089)

It was discovered that the locale command did not produce properly escaped
output as required by the POSIX specification. If an attacker were able to
set the locale environment ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
glibc on Red Hat Enterprise Linux AS version 4,
Red Hat Enterprise Linux ES version 4,
Red Hat Enterprise Linux WS version 4

Solution:
Please Install the Updated Packages.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-5029
http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html
http://dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/
http://sourceware.org/git/?p=glibc.git;a=commit;h=97ac2654b2d831acaa18a2b018b0736245903fd2
http://sourceware.org/ml/libc-alpha/2011-12/msg00037.html
Common Vulnerability Exposure (CVE) ID: CVE-2009-5064
http://reverse.lostrealm.com/protect/ldd.html
http://www.catonmat.net/blog/ldd-arbitrary-code-execution/
https://bugzilla.redhat.com/show_bug.cgi?id=531160
https://bugzilla.redhat.com/show_bug.cgi?id=682998
http://openwall.com/lists/oss-security/2011/03/07/10
http://openwall.com/lists/oss-security/2011/03/07/7
http://openwall.com/lists/oss-security/2011/03/08/2
http://openwall.com/lists/oss-security/2011/03/07/13
http://openwall.com/lists/oss-security/2011/03/08/1
http://openwall.com/lists/oss-security/2011/03/08/10
http://openwall.com/lists/oss-security/2011/03/08/3
http://openwall.com/lists/oss-security/2011/03/08/7
http://www.redhat.com/support/errata/RHSA-2011-1526.html
Common Vulnerability Exposure (CVE) ID: CVE-2010-0296
Bugtraq: 20111013 VMSA-2011-0012 VMware ESXi and ESX updates to third party libraries and ESX Service Console (Google Search)
http://www.securityfocus.com/archive/1/520102/100/0/threaded
Bugtraq: 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (Google Search)
https://seclists.org/bugtraq/2019/Jun/14
Debian Security Information: DSA-2058 (Google Search)
http://www.debian.org/security/2010/dsa-2058
http://seclists.org/fulldisclosure/2019/Jun/18
http://security.gentoo.org/glsa/glsa-201011-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:111
http://www.mandriva.com/security/advisories?name=MDVSA-2010:112
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
http://www.redhat.com/support/errata/RHSA-2011-0412.html
http://securitytracker.com/id?1024043
http://secunia.com/advisories/39900
http://secunia.com/advisories/43830
http://secunia.com/advisories/46397
SuSE Security Announcement: SUSE-SA:2010:052 (Google Search)
https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html
http://www.ubuntu.com/usn/USN-944-1
http://www.vupen.com/english/advisories/2010/1246
http://www.vupen.com/english/advisories/2011/0863
XForce ISS Database: gnuclibrary-encodenamemacro-dos(59240)
https://exchange.xforce.ibmcloud.com/vulnerabilities/59240
Common Vulnerability Exposure (CVE) ID: CVE-2010-0830
BugTraq ID: 40063
http://www.securityfocus.com/bid/40063
http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html
http://securitytracker.com/id?1024044
XForce ISS Database: glibc-elf-code-execution(58915)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58915
Common Vulnerability Exposure (CVE) ID: CVE-2011-1071
BugTraq ID: 46563
http://www.securityfocus.com/bid/46563
http://seclists.org/fulldisclosure/2011/Feb/635
http://seclists.org/fulldisclosure/2011/Feb/644
http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
http://scarybeastsecurity.blogspot.com/2011/02/i-got-accidental-code-execution-via.html
http://openwall.com/lists/oss-security/2011/02/28/11
http://openwall.com/lists/oss-security/2011/02/28/15
http://openwall.com/lists/oss-security/2011/02/26/3
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12853
http://www.redhat.com/support/errata/RHSA-2011-0413.html
http://securitytracker.com/id?1025290
http://secunia.com/advisories/43492
http://secunia.com/advisories/43989
http://securityreason.com/securityalert/8175
Common Vulnerability Exposure (CVE) ID: CVE-2011-1089
BugTraq ID: 46740
http://www.securityfocus.com/bid/46740
http://www.mandriva.com/security/advisories?name=MDVSA-2011:179
http://sourceware.org/bugzilla/show_bug.cgi?id=12625
https://bugzilla.redhat.com/show_bug.cgi?id=688980
http://openwall.com/lists/oss-security/2011/03/04/11
http://openwall.com/lists/oss-security/2011/03/04/9
http://openwall.com/lists/oss-security/2011/03/04/10
http://openwall.com/lists/oss-security/2011/03/04/12
http://openwall.com/lists/oss-security/2011/03/05/3
http://openwall.com/lists/oss-security/2011/03/05/7
http://openwall.com/lists/oss-security/2011/03/07/9
http://openwall.com/lists/oss-security/2011/03/14/16
http://openwall.com/lists/oss-security/2011/03/14/5
http://openwall.com/lists/oss-security/2011/03/14/7
http://openwall.com/lists/oss-security/2011/03/15/6
http://openwall.com/lists/oss-security/2011/03/22/4
http://openwall.com/lists/oss-security/2011/03/22/6
http://openwall.com/lists/oss-security/2011/03/31/3
http://openwall.com/lists/oss-security/2011/03/31/4
http://openwall.com/lists/oss-security/2011/04/01/2
Common Vulnerability Exposure (CVE) ID: CVE-2011-1095
http://openwall.com/lists/oss-security/2011/03/08/21
http://openwall.com/lists/oss-security/2011/03/08/22
http://openwall.com/lists/oss-security/2011/03/08/8
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12272
http://securitytracker.com/id?1025286
http://secunia.com/advisories/43976
Common Vulnerability Exposure (CVE) ID: CVE-2011-1659
http://code.google.com/p/chromium/issues/detail?id=48733
http://www.securitytracker.com/id?1025450
http://secunia.com/advisories/44353
XForce ISS Database: gnuclibrary-fnmatch-dos(66819)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66819
Common Vulnerability Exposure (CVE) ID: CVE-2011-4609
CopyrightCopyright (c) 2012 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.