Test ID:	1.3.6.1.4.1.25623.1.1.12.2014.2432.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2432-1)
Summary:	The remote host is missing an update for the 'eglibc, glibc' package(s) announced via the USN-2432-1 advisory.
Description:	Summary: The remote host is missing an update for the 'eglibc, glibc' package(s) announced via the USN-2432-1 advisory. Vulnerability Insight: Siddhesh Poyarekar discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could possibly use this issue to cause applications to crash, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2012-6656) Adhemerval Zanella Netto discovered that the GNU C Library incorrectly handled certain multibyte characters when using the iconv function. An attacker could possibly use this issue to cause applications to crash, resulting in a denial of service. (CVE-2014-6040) Tim Waugh discovered that the GNU C Library incorrectly enforced the WRDE_NOCMD flag when handling the wordexp function. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2014-7817) Affected Software/OS: 'eglibc, glibc' package(s) on Ubuntu 10.04, Ubuntu 12.04, Ubuntu 14.04, Ubuntu 14.10. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-6656 BugTraq ID: 69472 http://www.securityfocus.com/bid/69472 Debian Security Information: DSA-3142 (Google Search) http://www.debian.org/security/2015/dsa-3142 https://security.gentoo.org/glsa/201503-04 http://www.mandriva.com/security/advisories?name=MDVSA-2014:175 http://www.openwall.com/lists/oss-security/2014/08/29/3 http://www.openwall.com/lists/oss-security/2014/09/02/1 http://www.ubuntu.com/usn/USN-2432-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-6040 62100 http://secunia.com/advisories/62100 62146 http://secunia.com/advisories/62146 69472 DSA-3142 GLSA-201602-02 https://security.gentoo.org/glsa/201602-02 MDVSA-2014:175 USN-2432-1 http://ubuntu.com/usn/usn-2432-1 [oss-security] 20140829 CVE request: glibc character set conversion from IBM code pages [oss-security] 20140902 Re: CVE request: glibc character set conversion from IBM code pages http://linux.oracle.com/errata/ELSA-2015-0016.html https://sourceware.org/bugzilla/show_bug.cgi?id=17325 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=41488498b6 Common Vulnerability Exposure (CVE) ID: CVE-2014-7817 71216 http://www.securityfocus.com/bid/71216 RHSA-2014:2023 http://rhn.redhat.com/errata/RHSA-2014-2023.html [libc-alpha] 20141119 [COMMITTED] CVE-2014-7817: wordexp fails to honour WRDE_NOCMD. https://sourceware.org/ml/libc-alpha/2014-11/msg00519.html [oss-security] 20141120 CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified http://seclists.org/oss-sec/2014/q4/730 gnu-glibc-cve20147817-command-exec(98852) https://exchange.xforce.ibmcloud.com/vulnerabilities/98852 http://linux.oracle.com/errata/ELSA-2015-0092.html http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html https://sourceware.org/bugzilla/show_bug.cgi?id=17625 https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=a39208bd7fb76c1b01c127b4c61f9bfd915bfe7c openSUSE-SU-2015:0351 http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.