 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.871264 |
| Category: | Red Hat Local Security Checks |
| Title: | RedHat Update for glibc RHSA-2014:1391-02 |
| Summary: | The remote host is missing an update for the 'glibc'; package(s) announced via the referenced advisory. |
| Description: | Summary: The remote host is missing an update for the 'glibc' package(s) announced via the referenced advisory. Vulnerability Insight: The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. An out-of-bounds write flaw was found in the way the glibc's readdir_r() function handled file system entries longer than the NAME_MAX character constant. A remote attacker could provide a specially crafted NTFS or CIFS file system that, when processed by an application using readdir_r(), would cause that application to crash or, potentially, allow the attacker to execute arbitrary code with the privileges of the user running the application. (CVE-2013-4237) It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-4458) These updated glibc packages also include several bug fixes and two enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes. All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. Affected Software/OS: glibc on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-4237 55113 http://secunia.com/advisories/55113 61729 http://www.securityfocus.com/bid/61729 GLSA-201503-04 https://security.gentoo.org/glsa/201503-04 MDVSA-2013:283 http://www.mandriva.com/security/advisories?name=MDVSA-2013:283 USN-1991-1 http://www.ubuntu.com/usn/USN-1991-1 [oss-security] 20130812 Re: CVE Request -- glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters http://www.openwall.com/lists/oss-security/2013/08/12/8 https://bugzilla.redhat.com/show_bug.cgi?id=995839 https://sourceware.org/bugzilla/show_bug.cgi?id=14699 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=91ce40854d0b7f865cf5024ef95a8026b76096f3 Common Vulnerability Exposure (CVE) ID: CVE-2013-4458 MDVSA-2013:284 http://www.mandriva.com/security/advisories?name=MDVSA-2013:284 SUSE-SU-2016:0470 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html [libc-alpha] 20131022 [PATCH][BZ #16072] Fix stack overflow due to large AF_INET6 requests https://sourceware.org/ml/libc-alpha/2013-10/msg00733.html https://sourceware.org/bugzilla/show_bug.cgi?id=16072 |
| Copyright | Copyright (C) 2014 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |