ID CVE-2013-0242
Summary Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.
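Two things a practitioner wants from this record are a way to tell whether a given host is in scope and a way to contain the failure mode: a crash inside glibc's matcher takes down whatever process called regexec(), so untrusted pattern matching is best fenced off. The program below is an added example written for this page, not glibc code and not taken from any of the advisories quoted here. match_isolated, version_le, runtime_glibc_version and the child exit-code convention are this example's own choices; the inputs are constructed test strings, not a trigger for the bug. The version heuristic mirrors the summary's "2.17 and earlier", and the caveat applies: distributions backport fixes (RHEL 5 and 6, SLES 10/11 and Fedora 17/18 all shipped patched packages with version numbers below 2.17), so only the vendor package version is authoritative.

```c
/* Added example for this CVE record (not glibc code, not from the advisory):
 * 1. report the runtime glibc version and apply the "2.17 and earlier"
 *    heuristic from the summary, with the caveat that vendors backport fixes;
 * 2. run untrusted regex matching in a forked child so that a matcher crash
 *    (the failure mode this CVE describes) surfaces as a return code instead
 *    of killing the calling process.
 * match_isolated, version_le and the exit-code convention are this example's
 * own choices. No crafted input is used; the sample strings are constructed. */
#include <locale.h>
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>
#ifdef __GLIBC__
#include <gnu/libc-version.h>   /* gnu_get_libc_version() */
#endif

enum { MATCH_NO = 0, MATCH_YES = 1, MATCH_CRASH = -1, MATCH_ERROR = -2 };

/* Heuristic from the CVE summary: "major.minor" at or below the given pair.
 * Only the vendor's package version (e.g. glibc-2.15-59.fc17 in the Fedora
 * advisory on this page) says whether a backported fix is present. */
int version_le(const char *ver, int major, int minor)
{
    int vmaj = 0, vmin = 0;
    if (sscanf(ver, "%d.%d", &vmaj, &vmin) < 1)
        return 0;                       /* unparseable: make no claim */
    return vmaj < major || (vmaj == major && vmin <= minor);
}

const char *runtime_glibc_version(void)
{
#ifdef __GLIBC__
    return gnu_get_libc_version();
#else
    return "unknown";                   /* not glibc (e.g. musl) */
#endif
}

/* Compile and run a POSIX ERE in the current process. */
static int match_inline(const char *pattern, const char *subject)
{
    regex_t re;
    if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
        return MATCH_ERROR;
    int rc = regexec(&re, subject, 0, NULL, 0);
    regfree(&re);
    if (rc == 0)           return MATCH_YES;
    if (rc == REG_NOMATCH) return MATCH_NO;
    return MATCH_ERROR;
}

/* Same match, but in a child process. A crash inside the matcher (SIGSEGV,
 * SIGABRT from malloc consistency checks, ...) ends the child only and is
 * reported as MATCH_CRASH. The multibyte code paths named in the CVE are only
 * reached in a multibyte locale, so the child switches to C.UTF-8 when it is
 * available (assumption: fall back to the byte-oriented "C" locale otherwise). */
int match_isolated(const char *pattern, const char *subject)
{
    pid_t pid = fork();
    if (pid < 0)
        return MATCH_ERROR;
    if (pid == 0) {
        if (setlocale(LC_ALL, "C.UTF-8") == NULL)
            setlocale(LC_ALL, "C");
        int r = match_inline(pattern, subject);
        _exit(r == MATCH_YES ? 1 : r == MATCH_NO ? 0 : 2);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return MATCH_ERROR;
    if (WIFSIGNALED(status))
        return MATCH_CRASH;
    switch (WEXITSTATUS(status)) {
    case 1:  return MATCH_YES;
    case 0:  return MATCH_NO;
    default: return MATCH_ERROR;
    }
}

int main(void)
{
    const char *v = runtime_glibc_version();
    printf("glibc %s: version heuristic says %s\n", v,
           version_le(v, 2, 17) ? "2.17 or earlier (check the vendor package)"
                                : "newer than 2.17");
    /* Constructed inputs, including one multibyte subject (U+00E9 in UTF-8);
     * none of these is a trigger for the bug. */
    const char *cases[][2] = { {"^a.c$", "abc"}, {"^a.c$", "abd"},
                               {"^.$", "\xc3\xa9"}, {"^[", "x"} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-6s on %-4s -> %d\n", cases[i][0], cases[i][1],
               match_isolated(cases[i][0], cases[i][1]));
    return 0;
}
```

Build with `cc -Wall -o regex_isolated regex_isolated.c`. The "^.$" case returns 1 only when the child actually obtained a UTF-8 locale; in the "C" locale the two-byte subject does not match a single ".", which is a cheap way to confirm whether the multibyte matcher paths are in play on a given host.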
Vulnerable Configurations
  • GNU glibc 2.17
    cpe:2.3:a:gnu:glibc:2.17
CVSS
Base: 5.0 (as of 11-02-2013 - 12:56)
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or, potentially, redirecting execution to a location of the attacker's choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a location such as an MP3 sharing application, for the victim to download. The attacker is then notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from formatted configuration data to cause a buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
  Vector: NETWORK   Complexity: LOW   Authentication: NONE
Impact
  Confidentiality: NONE   Integrity: NONE   Availability: PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_GLIBC-130917.NASL
    description This update for glibc contains the following fixes : - Fix integer overflows in malloc. (CVE-2013-4332, bnc#839870) - Fix buffer overflow in glob. (bnc#691365) - Fix buffer overflow in strcoll. (CVE-2012-4412, bnc#779320) - Update mount flags in . (bnc#791928) - Fix buffer overrun in regexp matcher. (CVE-2013-0242, bnc#801246) - Fix memory leaks in dlopen. (bnc#811979) - Fix stack overflow in getaddrinfo with many results. (CVE-2013-1914, bnc#813121) - Don't raise UNDERFLOW in tan/tanf for small but normal argument. (bnc#819347) - Properly cross page boundary in SSE4.2 implementation of strcmp. (bnc#822210) - Fix robust mutex handling after fork. (bnc#827811) - Fix missing character in IBM-943 charset. (bnc#828235) - Fix use of alloca in gaih_inet. (bnc#828637) - Initialize pointer guard also in static executables. (CVE-2013-4788, bnc#830268) - Fix readdir_r with long file names. (CVE-2013-4237, bnc#834594)
    last seen 2019-02-21
    modified 2013-12-10
    plugin id 71308
    published 2013-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71308
    title SuSE 11.3 Security Update : glibc (SAT Patch Number 8337)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_GLIBC-130913.NASL
    description This update for glibc contains the following fixes : - Fix integer overflows in malloc. (CVE-2013-4332, bnc#839870) - Fix buffer overflow in glob. (bnc#691365) - Fix buffer overflow in strcoll. (CVE-2012-4412, bnc#779320) - Update mount flags in . (bnc#791928) - Fix buffer overrun in regexp matcher. (CVE-2013-0242, bnc#801246) - Fix memory leaks in dlopen. (bnc#811979) - Fix stack overflow in getaddrinfo with many results. (CVE-2013-1914, bnc#813121) - Fix check for XEN build in glibc_post_upgrade that causes missing init re-exec. (bnc#818628) - Don't raise UNDERFLOW in tan/tanf for small but normal argument. (bnc#819347) - Properly cross page boundary in SSE4.2 implementation of strcmp. (bnc#822210) - Fix robust mutex handling after fork. (bnc#827811) - Fix missing character in IBM-943 charset. (bnc#828235) - Fix use of alloca in gaih_inet. (bnc#828637) - Initialize pointer guard also in static executables. (CVE-2013-4788, bnc#830268) - Fix readdir_r with long file names. (CVE-2013-4237, bnc#834594)
    last seen 2019-02-21
    modified 2013-12-10
    plugin id 71307
    published 2013-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71307
    title SuSE 11.2 Security Update : glibc (SAT Patch Number 8335)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-4174.NASL
    description Fix multibyte character processing crash in regexp (#922889, #905874, CVE-2013-0242) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 66724
    published 2013-06-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66724
    title Fedora 17 : glibc-2.15-59.fc17 (2013-4174)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0023.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Switch to use malloc when the input line is too long [Orabug 19951108] - Use a /sys/devices/system/cpu/online for _SC_NPROCESSORS_ONLN implementation [Orabug 17642251] (Joe Jin) - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183532). - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Fix patch for integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Fix return code when starting an already started nscd daemon (#979413). - Fix getnameinfo for many PTR record queries (#1020486). - Return EINVAL error for negative sizes to getgroups (#995207). - Fix integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Add support for newer L3 caches on x86-64 and correctly count the number of hardware threads sharing a cacheline (#1003420). - Revert incomplete fix for bug #758193. - Fix _nl_find_msg malloc failure case, and callers (#957089). - Test on init_fct, not result->__init_fct, after demangling (#816647). - Don't handle ttl == 0 specially (#929035). - Fix multibyte character processing crash in regexp (CVE-2013-0242, #951132) - Fix getaddrinfo stack overflow resulting in application crash (CVE-2013-1914, #951132) - Add missing patch to avoid use after free (#816647) - Fix race in initgroups compat_call (#706571) - Fix return value from getaddrinfo when servers are down. (#758193) - Fix fseek on wide character streams. Syncs seeking code with RHEL 6 (#835828) - Call feraiseexcept only if exceptions are not masked (#861871). - Always demangle function before checking for NULL value. (#816647). - Do not fail in ttyname if /proc is not available (#851450). - Fix errno for various overflow situations in vfprintf. Add missing overflow checks. (#857387) - Handle failure of _nl_explode_name in all cases (#848481) - Define the default fuzz factor to 2 to make it easier to manipulate RHEL 5 RPMs on RHEL 6 and newer systems. - Fix race in intl/* testsuite (#849202) - Fix out of bounds array access in strto* exposed by 847930 patch. - Really fix POWER4 strncmp crash (#766832). - Fix integer overflow leading to buffer overflow in strto* (#847930) - Fix race in msort/qsort (#843672) - Fix regression due to 797096 changes (#845952) - Do not use PT_IEEE_IP ptrace calls (#839572) - Update ULPs (#837852) - Fix various transcendentals in non-default rounding modes (#837852) - Fix unbound alloca in vfprintf (#826947) - Fix iconv segfault if the invalid multibyte character 0xffff is input when converting from IBM930. (#823905) - Fix fnmatch when '*' wildcard is applied on a file name containing multibyte chars. (#819430) - Fix unbound allocas use in glob_in_dir, getaddrinfo and others. (#797096) - Fix segfault when running ld.so --verify on some DSO's in current working directory. (#808342) - Incorrect initialization order for dynamic loader (#813348) - Fix return code when stopping already stopped nscd daemon (#678227) - Remove MAP_32BIT for pthread stack mappings, use MAP_STACK instead (#641094) - Fix setuid vs sighandler_setxid race (#769852) - Fix access after end of search string in regex matcher (#757887) - Fix POWER4 strncmp crash (#766832) - Fix SC_*CACHE detection for X5670 cpus (#692182) - Fix parsing IPV6 entries in /etc/resolv.conf (#703239) - Fix double-free in nss_nis code (#500767) - Add kernel VDSO support for s390x (#795896) - Fix race in malloc arena creation and make implementation match documented behaviour (#800240) - Do not override TTL of CNAME with TTL of its alias (#808014) - Fix short month names in fi_FI locale (#657266). - Fix nscd crash for group with large number of members (#788989) - Fix Slovakia currency (#799853) - Fix getent malloc failure check (#806403) - Fix short month names in zh_CN locale (#657588) - Fix decimal point symbol for Portuguese currency (#710216) - Avoid integer overflow in sbrk (#767358) - Avoid race between [,__de]allocate_stack and __reclaim_stacks during fork (#738665) - Fix race between IO_flush_all_lockp & pthread_cancel (#751748) - Fix memory leak in NIS endgrent (#809325) - Allow getaddr to accept SCTP socket types in hints (#765710) - Fix errno handling in vfprintf (#794814) - Filter out when building file lists (#784646). - Avoid 'nargs' integer overflow which could be used to bypass FORTIFY_SOURCE (#794814) - Fix currency_symbol for uk_UA (#639000) - Correct test for detecting cycle during topo sort (#729661) - Check values from TZ file header (#767688) - Complete the numeric settings fix (#675259) - Complete the change for error codes from pthread_create (#707998) - Truncate time values in Linux futimes when falling back to utime (#758252) - Update systemtaparches - Add rules to build libresolv with SSP flags (#756453) - Fix PLT reference - Workaround misconfigured system (#702300) - Update systemtaparches - Correct cycle detection during dependency sorting (#729661) - Add gdb hooks (#711924) - Fix alloca accounting in strxfm and strcoll (#585433) - Correct cycle detection during dependency sorting (#729661) - ldd: never run file directly (#531160) - Implement greedy matching of weekday and month names (#657570) - Fix incorrect numeric settings (#675259) - Implement new mode for NIS passwd.adjunct.byname table (#678318) - Query NIS domain only when needed (#703345) - Count total processors using sysfs (#706894) - Translate clone error if necessary (#707998) - Workaround kernel clobbering robust list (#711531) - Use correct type when casting d_tag (#599056, CVE-2010-0830) - Report write error in addmnt even for cached streams (#688980, CVE-2011-1089) - Don't underestimate length of DST substitution (#694655) - Don't allocate executable stack when it cannot be allocated in the first 4G (#448011) - Initialize resolver state in nscd (#676039) - No cancel signal in unsafe places (#684808) - Check size of pattern in wide character representation in fnmatch (#681054) - Avoid too much stack use in fnmatch (#681054, CVE-2011-1071) - Properly quote output of locale (#625893, CVE-2011-1095) - Don't leave empty element in rpath when skipping the first element, ignore rpath elements containing non-isolated use of $ORIGIN when privileged (#667974, CVE-2011-0536) - Fix handling of newline in addmntent (#559579, CVE-2010-0296) - Don't ignore $ORIGIN in libraries (#670988) - Fix false assertion (#604796) - Fix ordering of DSO constructors and destructors (#604796) - Fix typo (#531576) - Fix concurrency problem between dl_open and dl_iterate_phdr (#649956) - Require suid bit on audit objects in privileged programs (#645678, CVE-2010-3856) - Never expand $ORIGIN in privileged programs (#643819, CVE-2010-3847) - Add timestamps to nscd logs (#527558) - Fix index wraparound handling in memusage (#531576) - Handle running out of buffer space with IPv6 mapping enabled (#533367) - Don't deadlock in __dl_iterate_phdr while (un)loading objects (#549813) - Avoid alloca in setenv for long strings (#559974) - Recognize POWER7 and ISA 2.06 (#563563) - Add support for AT_BASE_PLATFORM (#563599) - Restore locking in free_check (#585674) - Fix lookup of collation sequence value during regexp matching (#587360) - Fix POWER6 memcpy/memset (#579011) - Fix scope handling during dl_close (#593675) - Enable -fasynchronous-unwind-tables throughout (#593047) - Fix crash when aio thread creation fails (#566712)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 81118
    published 2015-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81118
    title OracleVM 3.2 : glibc (OVMSA-2015-0023) (GHOST)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-4100.NASL
    description Fix multibyte character processing crash in regexp (CVE-2013-0242). Fix ownership of /usr/lib[64]/audit (#894307). Rename release engineering directory to `releng' (#903754). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 65745
    published 2013-04-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65745
    title Fedora 18 : glibc-2.16-30.fc18 (2013-4100)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0024.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Switch to use malloc when the input line is too long [Orabug 19951108] - Use a /sys/devices/system/cpu/online for _SC_NPROCESSORS_ONLN implementation [Orabug 17642251] (Joe Jin) - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183532). - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Fix patch for integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Fix return code when starting an already started nscd daemon (#979413). - Fix getnameinfo for many PTR record queries (#1020486). - Return EINVAL error for negative sizes to getgroups (#995207). - Fix integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Add support for newer L3 caches on x86-64 and correctly count the number of hardware threads sharing a cacheline (#1003420). - Revert incomplete fix for bug #758193. - Fix _nl_find_msg malloc failure case, and callers (#957089). - Test on init_fct, not result->__init_fct, after demangling (#816647). - Don't handle ttl == 0 specially (#929035). - Fix multibyte character processing crash in regexp (CVE-2013-0242, #951132) - Fix getaddrinfo stack overflow resulting in application crash (CVE-2013-1914, #951132) - Add missing patch to avoid use after free (#816647) - Fix race in initgroups compat_call (#706571) - Fix return value from getaddrinfo when servers are down. (#758193) - Fix fseek on wide character streams. Syncs seeking code with RHEL 6 (#835828) - Call feraiseexcept only if exceptions are not masked (#861871). - Always demangle function before checking for NULL value. (#816647). - Do not fail in ttyname if /proc is not available (#851450). - Fix errno for various overflow situations in vfprintf. Add missing overflow checks. (#857387) - Handle failure of _nl_explode_name in all cases (#848481) - Define the default fuzz factor to 2 to make it easier to manipulate RHEL 5 RPMs on RHEL 6 and newer systems. - Fix race in intl/* testsuite (#849202) - Fix out of bounds array access in strto* exposed by 847930 patch. - Really fix POWER4 strncmp crash (#766832). - Fix integer overflow leading to buffer overflow in strto* (#847930) - Fix race in msort/qsort (#843672) - Fix regression due to 797096 changes (#845952) - Do not use PT_IEEE_IP ptrace calls (#839572) - Update ULPs (#837852) - Fix various transcendentals in non-default rounding modes (#837852) - Fix unbound alloca in vfprintf (#826947) - Fix iconv segfault if the invalid multibyte character 0xffff is input when converting from IBM930. (#823905) - Fix fnmatch when '*' wildcard is applied on a file name containing multibyte chars. (#819430) - Fix unbound allocas use in glob_in_dir, getaddrinfo and others. (#797096) - Fix segfault when running ld.so --verify on some DSO's in current working directory. (#808342) - Incorrect initialization order for dynamic loader (#813348) - Fix return code when stopping already stopped nscd daemon (#678227) - Remove MAP_32BIT for pthread stack mappings, use MAP_STACK instead (#641094) - Fix setuid vs sighandler_setxid race (#769852) - Fix access after end of search string in regex matcher (#757887) - Fix POWER4 strncmp crash (#766832) - Fix SC_*CACHE detection for X5670 cpus (#692182) - Fix parsing IPV6 entries in /etc/resolv.conf (#703239) - Fix double-free in nss_nis code (#500767) - Add kernel VDSO support for s390x (#795896) - Fix race in malloc arena creation and make implementation match documented behaviour (#800240) - Do not override TTL of CNAME with TTL of its alias (#808014) - Fix short month names in fi_FI locale (#657266). - Fix nscd crash for group with large number of members (#788989) - Fix Slovakia currency (#799853) - Fix getent malloc failure check (#806403) - Fix short month names in zh_CN locale (#657588) - Fix decimal point symbol for Portuguese currency (#710216) - Avoid integer overflow in sbrk (#767358) - Avoid race between [,__de]allocate_stack and __reclaim_stacks during fork (#738665) - Fix race between IO_flush_all_lockp & pthread_cancel (#751748) - Fix memory leak in NIS endgrent (#809325) - Allow getaddr to accept SCTP socket types in hints (#765710) - Fix errno handling in vfprintf (#794814) - Filter out when building file lists (#784646). - Avoid 'nargs' integer overflow which could be used to bypass FORTIFY_SOURCE (#794814) - Fix currency_symbol for uk_UA (#639000)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 81119
    published 2015-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81119
    title OracleVM 2.2 : glibc (OVMSA-2015-0024) (GHOST)
  • NASL family Misc.
    NASL id VMWARE_ESXI_5_1_BUILD_2323236_REMOTE.NASL
    description The remote VMware ESXi host is version 5.1 prior to build 2323236. It is, therefore, affected by the following vulnerabilities in bundled third-party libraries : - Multiple vulnerabilities exist in the bundled Python library. (CVE-2011-3389, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150, CVE-2013-1752, CVE-2013-4238) - Multiple vulnerabilities exist in the bundled GNU C Library (glibc). (CVE-2013-0242, CVE-2013-1914, CVE-2013-4332) - Multiple vulnerabilities exist in the bundled XML Parser library (libxml2). (CVE-2013-2877, CVE-2014-0191) - Multiple vulnerabilities exist in the bundled cURL library (libcurl). (CVE-2014-0015, CVE-2014-0138)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 79862
    published 2014-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79862
    title ESXi 5.1 < Build 2323236 Third-Party Libraries Multiple Vulnerabilities (remote check) (BEAST)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1991-1.NASL
    description It was discovered that the GNU C Library incorrectly handled the strcoll() function. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2012-4412, CVE-2012-4424) It was discovered that the GNU C Library incorrectly handled multibyte characters in the regular expression matcher. An attacker could use this issue to cause a denial of service. (CVE-2013-0242) It was discovered that the GNU C Library incorrectly handled large numbers of domain conversion results in the getaddrinfo() function. An attacker could use this issue to cause a denial of service. (CVE-2013-1914) It was discovered that the GNU C Library readdir_r() function incorrectly handled crafted NTFS or CIFS images. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2013-4237) It was discovered that the GNU C Library incorrectly handled memory allocation. An attacker could use this issue to cause a denial of service. (CVE-2013-4332). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 70538
    published 2013-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70538
    title Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : eglibc vulnerabilities (USN-1991-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-723.NASL
    description This update fixes the following issues in glibc : - CVE-2012-4412: glibc: buffer overflow in strcoll - CVE-2013-0242: glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters - CVE-2013-1914: glibc: stack overflow in getaddrinfo() sorting - CVE-2013-2207: glibc: pt_chown tricked into granting access to another users pseudo-terminal - CVE-2013-4237: glibc: Buffer overwrite - NAME_MAX not enforced by readdir_r() - bnc#805054: man 1 locale mentions non-existent file - bnc#813306: glibc 2.17 fprintf(stderr, ...) triggers write of undefined values if stderr is closed - bnc#819383: pldd a process multiple times can freeze the process - bnc#819524: nscd segfault - bnc#824046: glibc: blacklist code in bindresvport doesn't release lock, results in double-lock - bnc#839870: glibc: three integer overflows in memory allocator - ARM: Support loading unmarked objects from cache
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75154
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75154
    title openSUSE Security Update : glibc (openSUSE-SU-2013:1510-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0769.NASL
    description From Red Hat Security Advisory 2013:0769 : Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914) A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) This update also fixes the following bugs : * The improvements RHSA-2012:1207 made to the accuracy of floating point functions in the math library caused performance regressions for those functions. The performance regressions were analyzed and a fix was applied that retains the current accuracy but reduces the performance penalty to acceptable levels. Refer to Red Hat Knowledge solution 229993, linked to in the References, for further information. (BZ#950535) * It was possible that a memory location freed by the localization code could be accessed immediately after, resulting in a crash. The fix ensures that the application does not crash by avoiding the invalid memory access. (BZ#951493) Users of glibc are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68814
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68814
    title Oracle Linux 5 : glibc (ELSA-2013-0769)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2014-0008.NASL
    description a. vCenter Server Apache Struts Update The Apache Struts library is updated to address a security issue. This issue may lead to remote code execution after authentication. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-0114 to this issue. b. vCenter Server tc-server 2.9.5 / Apache Tomcat 7.0.52 updates tc-server has been updated to version 2.9.5 to address multiple security issues. This version of tc-server includes Apache Tomcat 7.0.52. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2013-4590, CVE-2013-4322, and CVE-2014-0050 to these issues. c. Update to ESXi glibc package glibc is updated to address multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2013-0242 and CVE-2013-1914 to these issues. d. vCenter and Update Manager, Oracle JRE 1.7 Update 55 Oracle has documented the CVE identifiers that are addressed in JRE 1.7.0 update 55 in the Oracle Java SE Critical Patch Update Advisory of April 2014. The References section provides a link to this advisory.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 77630
    published 2014-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77630
    title VMSA-2014-0008 : VMware vSphere product updates to third-party libraries
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1605.NASL
    description From Red Hat Security Advisory 2013:1605 : Updated glibc packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332) A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914) Among other changes, this update includes an important fix for the following bug : * Due to a defect in the initial release of the getaddrinfo() system call in Red Hat enterprise Linux 6.0, AF_INET and AF_INET6 queries resolved from the /etc/hosts file returned queried names as canonical names. This incorrect behavior is, however, still considered to be the expected behavior. As a result of a recent change in getaddrinfo(), AF_INET6 queries started resolving the canonical names correctly. However, this behavior was unexpected by applications that relied on queries resolved from the /etc/hosts file, and these applications could thus fail to operate properly. This update applies a fix ensuring that AF_INET6 queries resolved from /etc/hosts always return the queried name as canonical. Note that DNS lookups are resolved properly and always return the correct canonical names. A proper fix to AF_INET6 queries resolution from /etc/hosts may be applied in future releases; for now, due to a lack of standard, Red Hat suggests the first entry in the /etc/hosts file, that applies for the IP address being resolved, to be considered the canonical entry. (BZ#1022022) These updated glibc packages also include additional bug fixes and various enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 71106
    published 2013-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71106
    title Oracle Linux 6 : glibc (ELSA-2013-1605)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-1128-1.NASL
    description This glibc update fixes a critical privilege escalation problem and the following security and non-security issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#882600: Copy filename argument in posix_spawn_file_actions_addopen. (CVE-2014-4043) - bnc#860501: Use O_LARGEFILE for utmp file. - bnc#842291: Fix typo in glibc-2.5-dlopen-lookup-race.diff. - bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332) - bnc#834594: Fix readdir_r with long file names. (CVE-2013-4237) - bnc#824639: Drop lock before calling malloc_printerr. - bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242) - bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412) - bnc#894556 / bnc#894553: Fix crashes on invalid input in IBM gconv modules. (CVE-2014-6040, CVE-2012-6656, bnc#894553, bnc#894556, BZ#17325, BZ#14134) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 83638
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83638
    title SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1128-1)
  • NASL family Misc.
    NASL id VMWARE_ESXI_5_5_BUILD_2068190_REMOTE.NASL
    description The remote VMware ESXi host is version 5.5 prior to build 1980513. It is, therefore, affected by the following vulnerabilities in the glibc library : - A buffer overflow flaw exists in the 'extend_buffers' function of the 'posix/regexec.c' file, due to not properly validating user input. Using a specially crafted expression, a remote attacker can cause a denial of service. (CVE-2013-0242) - A buffer overflow flaw exists in the 'getaddrinfo' function of the '/sysdeps/posix/getaddrinfo.c' file, due to not properly validating user input. A remote attacker can cause a denial of service by triggering a large number of domain conversions. (CVE-2013-1914)
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 78108
    published 2014-10-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78108
    title ESXi 5.5 < Build 1980513 glibc Library Multiple Vulnerabilities (remote check)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20131121_GLIBC_ON_SL6_X.NASL
    description Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332) A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914) Among other changes, this update includes an important fix for the following bug : - Due to a defect in the initial release of the getaddrinfo() function in Scientific Linux 6.0, AF_INET and AF_INET6 queries resolved from the /etc/hosts file returned queried names as canonical names. This incorrect behavior is, however, still considered to be the expected behavior. As a result of a recent change in getaddrinfo(), AF_INET6 queries started resolving the canonical names correctly. However, this behavior was unexpected by applications that relied on queries resolved from the /etc/hosts file, and these applications could thus fail to operate properly. This update applies a fix ensuring that AF_INET6 queries resolved from /etc/hosts always return the queried name as canonical. Note that DNS lookups are resolved properly and always return the correct canonical names. 
A proper fix to AF_INET6 queries resolution from /etc/hosts may be applied in future releases; for now, due to a lack of standard, Red Hat suggests the first entry in the /etc/hosts file, that applies for the IP address being resolved, to be considered the canonical entry.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 71193
    published 2013-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71193
    title Scientific Linux Security Update : glibc on SL6.x i386/x86_64
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2013-270.NASL
    description Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332) A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 71582
    published 2013-12-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71582
    title Amazon Linux AMI : glibc (ALAS-2013-270)
  • NASL family Misc.
    NASL id VMWARE_VMSA-2014-0008_REMOTE.NASL
    description The remote ESXi host is affected by multiple denial of service vulnerabilities in the glibc library : - A buffer overflow condition exists in the extend_buffers() function in file posix/regexec.c due to improper validation of user-supplied input when handling multibyte characters in a regular expression. An unauthenticated, remote attacker can exploit this, via a crafted regular expression, to corrupt the memory, resulting in a denial of service. (CVE-2013-0242) - A stack-based buffer overflow condition exists in the getaddrinfo() function in file posix/getaddrinfo.c due to improper validation of user-supplied input during the handling of domain conversion results. An unauthenticated, remote attacker can exploit this to cause a denial of service by using a crafted host name or IP address that triggers a large number of domain conversion results. (CVE-2013-1914)
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 87679
    published 2015-12-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87679
    title VMware ESXi Multiple DoS (VMSA-2014-0008)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-1122-1.NASL
    description This glibc update fixes a critical privilege escalation vulnerability and the following security and non-security issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#886416: Avoid redundant shift character in iconv output at block boundary. - bnc#883022: Initialize errcode in sysdeps/unix/opendir.c. - bnc#882600: Copy filename argument in posix_spawn_file_actions_addopen. (CVE-2014-4043) - bnc#864081: Take lock in pthread_cond_wait cleanup handler only when needed. - bnc#843735: Don't crash on unresolved weak symbol reference. - bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332) - bnc#836746: Avoid race between {,__de}allocate_stack and __reclaim_stacks during fork. - bnc#834594: Fix readdir_r with long file names. (CVE-2013-4237) - bnc#830268: Initialize pointer guard also in static executables. (CVE-2013-4788) - bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242) - bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412) - bnc#750741: Use absolute timeout in x86 pthread_cond_timedwait. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 83637
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83637
    title SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1122-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1605.NASL
    description Updated glibc packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332) A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914) Among other changes, this update includes an important fix for the following bug : * Due to a defect in the initial release of the getaddrinfo() function in Red Hat Enterprise Linux 6.0, AF_INET and AF_INET6 queries resolved from the /etc/hosts file returned queried names as canonical names. 
This incorrect behavior is, however, still considered to be the expected behavior. As a result of a recent change in getaddrinfo(), AF_INET6 queries started resolving the canonical names correctly. However, this behavior was unexpected by applications that relied on queries resolved from the /etc/hosts file, and these applications could thus fail to operate properly. This update applies a fix ensuring that AF_INET6 queries resolved from /etc/hosts always return the queried name as canonical. Note that DNS lookups are resolved properly and always return the correct canonical names. A proper fix to AF_INET6 queries resolution from /etc/hosts may be applied in future releases; for now, due to a lack of standard, Red Hat suggests the first entry in the /etc/hosts file, that applies for the IP address being resolved, to be considered the canonical entry. (BZ#1022022) These updated glibc packages also include additional bug fixes and various enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 71009
    published 2013-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71009
    title RHEL 6 : glibc (RHSA-2013:1605)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1605.NASL
    description Updated glibc packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332) A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914) Among other changes, this update includes an important fix for the following bug : * Due to a defect in the initial release of the getaddrinfo() function in Red Hat Enterprise Linux 6.0, AF_INET and AF_INET6 queries resolved from the /etc/hosts file returned queried names as canonical names. 
This incorrect behavior is, however, still considered to be the expected behavior. As a result of a recent change in getaddrinfo(), AF_INET6 queries started resolving the canonical names correctly. However, this behavior was unexpected by applications that relied on queries resolved from the /etc/hosts file, and these applications could thus fail to operate properly. This update applies a fix ensuring that AF_INET6 queries resolved from /etc/hosts always return the queried name as canonical. Note that DNS lookups are resolved properly and always return the correct canonical names. A proper fix to AF_INET6 queries resolution from /etc/hosts may be applied in future releases; for now, due to a lack of standard, Red Hat suggests the first entry in the /etc/hosts file, that applies for the IP address being resolved, to be considered the canonical entry. (BZ#1022022) These updated glibc packages also include additional bug fixes and various enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79166
    published 2014-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79166
    title CentOS 6 : glibc (CESA-2013:1605)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-163.NASL
    description Multiple vulnerabilities have been discovered and corrected in glibc : Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters (CVE-2013-0242). Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results (CVE-2013-1914). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 66342
    published 2013-05-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66342
    title Mandriva Linux Security Advisory : glibc (MDVSA-2013:163)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-165.NASL
    description Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library. #553206 CVE-2015-1472 CVE-2015-1473 The scanf family of functions do not properly limit stack allocation, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code. CVE-2012-3405 The printf family of functions do not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service. CVE-2012-3406 The printf family of functions do not properly limit stack allocation, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string. CVE-2012-3480 Multiple integer overflows in the strtod, strtof, strtold, strtod_l, and other related functions allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. CVE-2012-4412 Integer overflow in the strcoll and wcscoll functions allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. CVE-2012-4424 Stack-based buffer overflow in the strcoll and wcscoll functions allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. CVE-2013-0242 Buffer overflow in the extend_buffers function in the regular expression matcher allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters. 
CVE-2013-1914 CVE-2013-4458 Stack-based buffer overflow in the getaddrinfo function allows remote attackers to cause a denial of service (crash) via a hostname or IP address that triggers a large number of domain conversion results. CVE-2013-4237 readdir_r allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a malicious NTFS image or CIFS service. CVE-2013-4332 Multiple integer overflows in malloc/malloc.c allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the pvalloc, valloc, posix_memalign, memalign, or aligned_alloc functions. CVE-2013-4357 The getaliasbyname, getaliasbyname_r, getaddrinfo, getservbyname, getservbyname_r, getservbyport, getservbyport_r, and glob functions do not properly limit stack allocation, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code. CVE-2013-4788 When the GNU C library is statically linked into an executable, the PTR_MANGLE implementation does not initialize the random value for the pointer guard, so that various hardening mechanisms are not effective. CVE-2013-7423 The send_dg function in resolv/res_send.c does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. CVE-2013-7424 The getaddrinfo function may attempt to free an invalid pointer when handling IDNs (Internationalised Domain Names), which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code. CVE-2014-4043 The posix_spawn_file_actions_addopen function does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. 
For the oldstable distribution (squeeze), these problems have been fixed in version 2.11.3-4+deb6u5. For the stable distribution (wheezy), these problems were fixed in version 2.13-38+deb7u8 or earlier. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 82149
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82149
    title Debian DLA-165-1 : eglibc security update
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201503-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-201503-04 (GNU C Library: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details. Impact : A local attacker may be able to execute arbitrary code or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-05-20
    plugin id 81689
    published 2015-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81689
    title GLSA-201503-04 : GNU C Library: Multiple vulnerabilities (GHOST)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0769.NASL
    description Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914) A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) This update also fixes the following bugs : * The improvements RHSA-2012:1207 made to the accuracy of floating point functions in the math library caused performance regressions for those functions. The performance regressions were analyzed and a fix was applied that retains the current accuracy but reduces the performance penalty to acceptable levels. Refer to Red Hat Knowledge solution 229993, linked to in the References, for further information. (BZ#950535) * It was possible that a memory location freed by the localization code could be accessed immediately after, resulting in a crash. The fix ensures that the application does not crash by avoiding the invalid memory access. 
(BZ#951493) Users of glibc are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 66211
    published 2013-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66211
    title RHEL 5 : glibc (RHSA-2013:0769)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2014-0017.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Remove gconv transliteration loadable modules support (CVE-2014-5119). - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475). - Don't use alloca in addgetnetgrentX (#1087789). - Adjust pointers to triplets in netgroup query data (#1087789). - Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1098050). - Fix race in free of fastbin chunk (#1091162). - Revert the addition of gettimeofday vDSO function for ppc and ppc64 until OPD VDSO function call issues are resolved (#1026533). - Call gethostbyname4_r only for PF_UNSPEC (#1022022). - Fix integer overflows in *valloc and memalign. (#1008310). - Initialize res_hconf in nscd (#970090). - Update previous patch for dcigettext.c and loadmsgcat.c (#834386). - Save search paths before performing relro protection (#988931). - Correctly name the 240-bit slow path systemtap probe slowpow_p10 for slowpow (#905575). - Align value of stacksize in nptl-init (#663641). - Renamed release engineering directory from 'fedora' to 'releng' (#903754). - Backport GLIBC sched_getcpu and gettimeofday vDSO functions for ppc (#929302). - Fall back to local DNS if resolv.conf does not define nameservers (#928318). - Add systemtap probes to slowexp and slowpow (#905575). - Fix getaddrinfo stack overflow resulting in application crash (CVE-2013-1914, #951213). - Fix multibyte character processing crash in regexp (CVE-2013-0242, #951213). - Add netgroup cache support for nscd (#629823). - Fix multiple nss_compat initgroups bugs (#966778). - Don't use simple lookup for AF_INET when AI_CANONNAME is set (#863384). - Add MAP_HUGETLB and MAP_STACK support (#916986). - Update translation for stale file handle error (#970776). - Improve performance of _SC_NPROCESSORS_ONLN (#rh952422). - Fix up _init in pt-initfini to accept arguments (#663641). 
- Set reasonable limits on xdr requests to prevent memory leaks (#848748). - Fix mutex locking for PI mutexes on spurious wake-ups on pthread condvars (#552960). - New environment variable GLIBC_PTHREAD_STACKSIZE to set thread stack size (#663641). - Improved handling of recursive calls in backtrace (#868808). - The ttyname and ttyname_r functions on Linux now fall back to searching for the tty file descriptor in /dev/pts or /dev if /proc is not available. This allows creation of chroots without the procfs mounted on /proc. (#851470) - Don't free rpath strings allocated during startup until after ld.so is re-relocated. (#862094) - Consistently MANGLE/DEMANGLE function pointers. Fix use after free in dcigettext.c (#834386). - Change rounding mode only when necessary (#966775). - Backport of code to allow incremental loading of library list (#886968). - Fix loading of audit libraries when TLS is in use (#919562) - Fix application of SIMD FP exception mask (#929388).
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 79539
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79539
    title OracleVM 3.3 : glibc (OVMSA-2014-0017)
  • NASL family Misc.
    NASL id VMWARE_ESXI_5_1_BUILD_2323231_REMOTE.NASL
    description The remote VMware ESXi host is version 5.1 prior to build 2323231. It is, therefore, affected by the following vulnerabilities in the glibc library : - A buffer overflow flaw exists in the 'extend_buffers' function of the 'posix/regexec.c' file due to improper validation of user input. Using a specially crafted expression, a remote attacker can cause a denial of service. (CVE-2013-0242) - A buffer overflow flaw exists in the 'getaddrinfo' function of the '/sysdeps/posix/getaddrinfo.c' file due to improper validation of user input. A remote attacker can cause a denial of service by triggering a large number of domain conversions. (CVE-2013-1914)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80037
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80037
    title ESXi 5.1 < Build 2323231 glibc Library Multiple Vulnerabilities (remote check)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0769.NASL
    description Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914) A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) This update also fixes the following bugs : * The improvements RHSA-2012:1207 made to the accuracy of floating point functions in the math library caused performance regressions for those functions. The performance regressions were analyzed and a fix was applied that retains the current accuracy but reduces the performance penalty to acceptable levels. Refer to Red Hat Knowledge solution 229993, linked to in the References, for further information. (BZ#950535) * It was possible that a memory location freed by the localization code could be accessed immediately after, resulting in a crash. The fix ensures that the application does not crash by avoiding the invalid memory access. 
(BZ#951493) Users of glibc are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 66217
    published 2013-04-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66217
    title CentOS 5 : glibc (CESA-2013:0769)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130424_GLIBC_ON_SL5_X.NASL
    description It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914) A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) This update also fixes the following bugs : - The improvements made in a previous update to the accuracy of floating point functions in the math library caused performance regressions for those functions. The performance regressions were analyzed and a fix was applied that retains the current accuracy but reduces the performance penalty to acceptable levels. - It was possible that a memory location freed by the localization code could be accessed immediately after, resulting in a crash. The fix ensures that the application does not crash by avoiding the invalid memory access.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 66227
    published 2013-04-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66227
    title Scientific Linux Security Update : glibc on SL5.x i386/x86_64
redhat via4
advisories
  • rhsa
    id RHSA-2013:0769
  • rhsa
    id RHSA-2013:1605
rpms
  • glibc-0:2.5-107.el5_9.4
  • glibc-common-0:2.5-107.el5_9.4
  • glibc-devel-0:2.5-107.el5_9.4
  • glibc-headers-0:2.5-107.el5_9.4
  • glibc-utils-0:2.5-107.el5_9.4
  • nscd-0:2.5-107.el5_9.4
  • glibc-0:2.12-1.132.el6
  • glibc-common-0:2.12-1.132.el6
  • glibc-devel-0:2.12-1.132.el6
  • glibc-headers-0:2.12-1.132.el6
  • glibc-static-0:2.12-1.132.el6
  • glibc-utils-0:2.12-1.132.el6
  • nscd-0:2.12-1.132.el6
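The rpm list above gives the fixed builds (RHSA-2013:0769 for RHEL 5, RHSA-2013:1605 for RHEL 6), but a naive string comparison gets release tags like 107.el5_9.4 versus 107.el5_9.10 wrong. The script below is an added example, not part of this CVE record, of Red Hat's errata data or of Tenable's plugin: it ports rpm's rpmvercmp() ordering and compares an installed name-epoch:version-release label against the matching build from the list. The fixed builds and package names are copied from the list above; picking the build by the ".elN" dist tag in the release string, the `(none)` epoch handling, and the `check_glibc` name are assumptions made here for the example.

```python
"""Compare an installed glibc build against the fixed builds listed above.

Added example; not part of the CVE record, Red Hat's errata tooling or
Tenable's plugin. rpmvercmp() is ported from rpm so release strings order
the way rpm orders them; the dist-tag selection is an assumption made here.
"""
import re
import string

# Fixed epoch:version-release per RHEL major, copied from the rpm list above.
FIXED_EVR = {"el5": "0:2.5-107.el5_9.4", "el6": "0:2.12-1.132.el6"}
# Package names from the list above (glibc-static is listed only for el6).
FIXED_NAMES = {"glibc", "glibc-common", "glibc-devel", "glibc-headers",
               "glibc-static", "glibc-utils", "nscd"}
# Characters rpm treats as significant; everything else is a separator.
SIG = set(string.ascii_letters + string.digits + "~^")
LABEL_RE = re.compile(r"^(?P<name>.+)-(?P<epoch>[^:-]*):(?P<ver>[^-]+)-(?P<rel>[^-]+)$")


def rpmvercmp(a, b):
    """Port of rpm's rpmvercmp(): -1, 0 or 1, same rules as the C original."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and a[i] not in SIG:   # skip separators such as '.' '_' '-'
            i += 1
        while j < len(b) and b[j] not in SIG:
            j += 1
        ca, cb = a[i:i + 1], b[j:j + 1]
        if "~" in (ca, cb):            # '~' sorts before everything, even end of string
            if ca != cb:
                return 1 if ca != "~" else -1
            i, j = i + 1, j + 1
            continue
        if "^" in (ca, cb):            # '^' sorts after end of string, before anything else
            if not ca or not cb:
                return -1 if not ca else 1
            if ca != cb:
                return 1 if ca != "^" else -1
            i, j = i + 1, j + 1
            continue
        if not ca or not cb:
            break
        # One maximal run of digits (compared numerically) or letters (bytewise).
        run = r"[0-9]+" if ca.isdigit() else r"[A-Za-z]+"
        s1 = re.match(run, a[i:]).group(0)
        m2 = re.match(run, b[j:])
        s2 = m2.group(0) if m2 else ""
        i, j = i + len(s1), j + len(s2)
        if not s2:                     # a digit run outranks a letter run
            return 1 if ca.isdigit() else -1
        if ca.isdigit():
            s1, s2 = s1.lstrip("0"), s2.lstrip("0")
            if len(s1) != len(s2):
                return 1 if len(s1) > len(s2) else -1
        if s1 != s2:
            return 1 if s1 > s2 else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def parse_label(label):
    """Split 'name-epoch:version-release'; rpm prints '(none)' for an unset epoch."""
    m = LABEL_RE.match(label)
    if not m:
        raise ValueError("not a name-epoch:version-release label: %r" % label)
    epoch = m.group("epoch")
    return (m.group("name"), 0 if epoch in ("", "(none)") else int(epoch),
            m.group("ver"), m.group("rel"))


def compare_evr(evr_a, evr_b):
    """Order two (epoch, version, release) triples the way rpm does."""
    (ea, va, ra), (eb, vb, rb) = evr_a, evr_b
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def check_glibc(installed_label):
    """Return 'fixed', 'vulnerable' or 'not covered' for one installed package."""
    name, epoch, ver, rel = parse_label(installed_label)
    dist = re.search(r"\.el(\d+)", rel)            # assumption: RHEL-style dist tag
    key = "el" + dist.group(1) if dist else None
    if name not in FIXED_NAMES or key not in FIXED_EVR:
        return "not covered"                       # this record lists no build for it
    fe, fvr = FIXED_EVR[key].split(":", 1)
    fv, fr = fvr.split("-", 1)
    ordered = compare_evr((epoch, ver, rel), (int(fe), fv, fr))
    return "fixed" if ordered >= 0 else "vulnerable"


if __name__ == "__main__":
    # Constructed sample labels. On a live host feed the output of:
    #   rpm -q --qf '%{NAME}-%{EPOCH}:%{VERSION}-%{RELEASE}\n' glibc glibc-common nscd
    for label in ("glibc-0:2.5-107.el5_9.3", "glibc-(none):2.5-107.el5_9.4",
                  "glibc-0:2.12-1.107.el6_4.2", "glibc-common-0:2.12-1.149.el6",
                  "glibc-0:2.17-55.el7"):
        print("%-34s %s" % (label, check_glibc(label)))
```

Only the builds this record lists are known to the script, so a z-stream build that also carries the fix but is absent from the list above would be reported as "vulnerable"; add it to FIXED_EVR before trusting the result, and treat "not covered" as "check another source", not as "safe".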
refmap via4
bid 57638
confirm http://www.vmware.com/security/advisories/VMSA-2014-0008.html
gentoo GLSA-201503-04
mandriva MDVSA-2013:163
misc http://sourceware.org/bugzilla/show_bug.cgi?id=15078
mlist
  • [libc-alpha] 20130129 [PATCH] Fix buffer overrun in regexp matcher
  • [oss-security] 20130130 Re: CVE Request -- glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters
osvdb 89747
sectrack 1028063
secunia
  • 51951
  • 55113
ubuntu USN-1991-1
xf glibc-extendbuffers-dos(81707)
vmware via4
description glibc is updated to address multiple security issues.
id VMSA-2014-0008
last_updated 2014-09-09T00:00:00
published 2014-09-09T00:00:00
title Update to ESXi glibc package
workaround None
Last major update 06-01-2017 - 21:59
Published 08-02-2013 - 15:55
Last modified 28-08-2017 - 21:33