ID CVE-2013-4332
Summary Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.
References
Vulnerable Configurations
  • GNU glibc 2.18
    cpe:2.3:a:gnu:glibc:2.18
  • GNU glibc 2.17
    cpe:2.3:a:gnu:glibc:2.17
  • GNU glibc 2.16
    cpe:2.3:a:gnu:glibc:2.16
  • GNU glibc 2.15
    cpe:2.3:a:gnu:glibc:2.15
  • GNU glibc 2.14.1
    cpe:2.3:a:gnu:glibc:2.14.1
  • GNU glibc 2.14
    cpe:2.3:a:gnu:glibc:2.14
  • GNU glibc 2.13
    cpe:2.3:a:gnu:glibc:2.13
  • GNU glibc 2.12.2
    cpe:2.3:a:gnu:glibc:2.12.2
  • GNU glibc 2.12.1
    cpe:2.3:a:gnu:glibc:2.12.1
  • GNU glibc 2.11.3
    cpe:2.3:a:gnu:glibc:2.11.3
  • GNU glibc 2.11.2
    cpe:2.3:a:gnu:glibc:2.11.2
  • GNU glibc 2.11.1
    cpe:2.3:a:gnu:glibc:2.11.1
  • GNU glibc 2.11
    cpe:2.3:a:gnu:glibc:2.11
  • GNU glibc 2.10.1
    cpe:2.3:a:gnu:glibc:2.10.1
  • GNU glibc 2.1.9
    cpe:2.3:a:gnu:glibc:2.1.9
  • GNU glibc 2.1.3
    cpe:2.3:a:gnu:glibc:2.1.3
  • GNU glibc 2.1.2
    cpe:2.3:a:gnu:glibc:2.1.2
  • GNU glibc 2.1.1.6
    cpe:2.3:a:gnu:glibc:2.1.1.6
  • GNU glibc 2.1.1
    cpe:2.3:a:gnu:glibc:2.1.1
  • GNU glibc 2.1
    cpe:2.3:a:gnu:glibc:2.1
  • GNU glibc 2.0.6
    cpe:2.3:a:gnu:glibc:2.0.6
  • GNU glibc 2.0.5
    cpe:2.3:a:gnu:glibc:2.0.5
  • GNU glibc 2.0.4
    cpe:2.3:a:gnu:glibc:2.0.4
  • GNU glibc 2.0.3
    cpe:2.3:a:gnu:glibc:2.0.3
  • GNU glibc 2.0.2
    cpe:2.3:a:gnu:glibc:2.0.2
  • GNU glibc 2.0.1
    cpe:2.3:a:gnu:glibc:2.0.1
  • GNU glibc 2.0
    cpe:2.3:a:gnu:glibc:2.0
  • Red Hat Enterprise Linux 5
    cpe:2.3:o:redhat:enterprise_linux:5
CVSS
Base: 4.3 (as of 09-10-2013 - 21:00)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_GLIBC-130917.NASL
    description This update for glibc contains the following fixes : - Fix integer overflows in malloc. (CVE-2013-4332, bnc#839870) - Fix buffer overflow in glob. (bnc#691365) - Fix buffer overflow in strcoll. (CVE-2012-4412, bnc#779320) - Update mount flags in . (bnc#791928) - Fix buffer overrun in regexp matcher. (CVE-2013-0242, bnc#801246) - Fix memory leaks in dlopen. (bnc#811979) - Fix stack overflow in getaddrinfo with many results. (CVE-2013-1914, bnc#813121) - Don't raise UNDERFLOW in tan/tanf for small but normal argument. (bnc#819347) - Properly cross page boundary in SSE4.2 implementation of strcmp. (bnc#822210) - Fix robust mutex handling after fork. (bnc#827811) - Fix missing character in IBM-943 charset. (bnc#828235) - Fix use of alloca in gaih_inet. (bnc#828637) - Initialize pointer guard also in static executables. (CVE-2013-4788, bnc#830268) - Fix readdir_r with long file names. (CVE-2013-4237, bnc#834594)
    last seen 2019-02-21
    modified 2013-12-10
    plugin id 71308
    published 2013-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71308
    title SuSE 11.3 Security Update : glibc (SAT Patch Number 8337)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1411.NASL
    description From Red Hat Security Advisory 2013:1411 : Updated glibc packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332) This update also fixes the following bug : * Prior to this update, the size of the L3 cache in certain CPUs for SMP (Symmetric Multiprocessing) servers was not correctly detected. The incorrect cache size detection resulted in less than optimal performance for routines that used this information, including the memset() function. To fix this bug, the cache size detection has been corrected and core routines including memset() have their performance restored to expected levels. (BZ#1011424) All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 70363
    published 2013-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70363
    title Oracle Linux 5 : glibc (ELSA-2013-1411)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_GLIBC-130913.NASL
    description This update for glibc contains the following fixes : - Fix integer overflows in malloc. (CVE-2013-4332, bnc#839870) - Fix buffer overflow in glob. (bnc#691365) - Fix buffer overflow in strcoll. (CVE-2012-4412, bnc#779320) - Update mount flags in . (bnc#791928) - Fix buffer overrun in regexp matcher. (CVE-2013-0242, bnc#801246) - Fix memory leaks in dlopen. (bnc#811979) - Fix stack overflow in getaddrinfo with many results. (CVE-2013-1914, bnc#813121) - Fix check for XEN build in glibc_post_upgrade that causes missing init re-exec. (bnc#818628) - Don't raise UNDERFLOW in tan/tanf for small but normal argument. (bnc#819347) - Properly cross page boundary in SSE4.2 implementation of strcmp. (bnc#822210) - Fix robust mutex handling after fork. (bnc#827811) - Fix missing character in IBM-943 charset. (bnc#828235) - Fix use of alloca in gaih_inet. (bnc#828637) - Initialize pointer guard also in static executables. (CVE-2013-4788, bnc#830268) - Fix readdir_r with long file names. (CVE-2013-4237, bnc#834594)
    last seen 2019-02-21
    modified 2013-12-10
    plugin id 71307
    published 2013-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71307
    title SuSE 11.2 Security Update : glibc (SAT Patch Number 8335)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20131008_GLIBC_ON_SL5_X.NASL
    description Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332) This update also fixes the following bug : - Prior to this update, the size of the L3 cache in certain CPUs for SMP (Symmetric Multiprocessing) servers was not correctly detected. The incorrect cache size detection resulted in less than optimal performance for routines that used this information, including the memset() function. To fix this bug, the cache size detection has been corrected and core routines including memset() have their performance restored to expected levels.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 70393
    published 2013-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70393
    title Scientific Linux Security Update : glibc on SL5.x i386/x86_64
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0023.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Switch to use malloc when the input line is too long [Orabug 19951108] - Use a /sys/devices/system/cpu/online for _SC_NPROCESSORS_ONLN implementation [Orabug 17642251] (Joe Jin) - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183532). - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Fix patch for integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Fix return code when starting an already started nscd daemon (#979413). - Fix getnameinfo for many PTR record queries (#1020486). - Return EINVAL error for negative sizees to getgroups (#995207). - Fix integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Add support for newer L3 caches on x86-64 and correctly count the number of hardware threads sharing a cacheline (#1003420). - Revert incomplete fix for bug #758193. - Fix _nl_find_msg malloc failure case, and callers (#957089). - Test on init_fct, not result->__init_fct, after demangling (#816647). - Don't handle ttl == 0 specially (#929035). - Fix multibyte character processing crash in regexp (CVE-2013-0242, #951132) - Fix getaddrinfo stack overflow resulting in application crash (CVE-2013-1914, #951132) - Add missing patch to avoid use after free (#816647) - Fix race in initgroups compat_call (#706571) - Fix return value from getaddrinfo when servers are down. (#758193) - Fix fseek on wide character streams. Sync's seeking code with RHEL 6 (#835828) - Call feraiseexcept only if exceptions are not masked (#861871). - Always demangle function before checking for NULL value. (#816647). - Do not fail in ttyname if /proc is not available (#851450). - Fix errno for various overflow situations in vfprintf. Add missing overflow checks. (#857387) - Handle failure of _nl_explode_name in all cases (#848481) - Define the default fuzz factor to 2 to make it easier to manipulate RHEL 5 RPMs on RHEL 6 and newer systems. - Fix race in intl/* testsuite (#849202) - Fix out of bounds array access in strto* exposed by 847930 patch. - Really fix POWER4 strncmp crash (#766832). - Fix integer overflow leading to buffer overflow in strto* (#847930) - Fix race in msort/qsort (#843672) - Fix regression due to 797096 changes (#845952) - Do not use PT_IEEE_IP ptrace calls (#839572) - Update ULPs (#837852) - Fix various transcendentals in non-default rounding modes (#837852) - Fix unbound alloca in vfprintf (#826947) - Fix iconv segfault if the invalid multibyte character 0xffff is input when converting from IBM930. (#823905) - Fix fnmatch when '*' wildcard is applied on a file name containing multibyte chars. (#819430) - Fix unbound allocas use in glob_in_dir, getaddrinfo and others. (#797096) - Fix segfault when running ld.so --verify on some DSO's in current working directory. (#808342) - Incorrect initialization order for dynamic loader (#813348) - Fix return code when stopping already stopped nscd daemon (#678227) - Remove MAP_32BIT for pthread stack mappings, use MAP_STACK instead (#641094) - Fix setuid vs sighandler_setxid race (#769852) - Fix access after end of search string in regex matcher (#757887) - Fix POWER4 strncmp crash (#766832) - Fix SC_*CACHE detection for X5670 cpus (#692182) - Fix parsing IPV6 entries in /etc/resolv.conf (#703239) - Fix double-free in nss_nis code (#500767) - Add kernel VDSO support for s390x (#795896) - Fix race in malloc arena creation and make implementation match documented behaviour (#800240) - Do not override TTL of CNAME with TTL of its alias (#808014) - Fix short month names in fi_FI locale #(657266). - Fix nscd crash for group with large number of members (#788989) - Fix Slovakia currency (#799853) - Fix getent malloc failure check (#806403) - Fix short month names in zh_CN locale (#657588) - Fix decimal point symbol for Portuguese currency (#710216) - Avoid integer overflow in sbrk (#767358) - Avoid race between [,__de]allocate_stack and __reclaim_stacks during fork (#738665) - Fix race between IO_flush_all_lockp & pthread_cancel (#751748) - Fix memory leak in NIS endgrent (#809325) - Allow getaddr to accept SCTP socket types in hints (#765710) - Fix errno handling in vfprintf (#794814) - Filter out when building file lists (#784646). - Avoid 'nargs' integer overflow which could be used to bypass FORTIFY_SOURCE (#794814) - Fix currency_symbol for uk_UA (#639000) - Correct test for detecting cycle during topo sort (#729661) - Check values from TZ file header (#767688) - Complete the numeric settings fix (#675259) - Complete the change for error codes from pthread_create (#707998) - Truncate time values in Linux futimes when falling back to utime (#758252) - Update systemtaparches - Add rules to build libresolv with SSP flags (#756453) - Fix PLT reference - Workaround misconfigured system (#702300) - Update systemtaparches - Correct cycle detection during dependency sorting (#729661) - Add gdb hooks (#711924) - Fix alloca accounting in strxfm and strcoll (#585433) - Correct cycle detection during dependency sorting (#729661) - ldd: never run file directly (#531160) - Implement greedy matching of weekday and month names (#657570) - Fix incorrect numeric settings (#675259) - Implement new mode for NIS passwd.adjunct.byname table (#678318) - Query NIS domain only when needed (#703345) - Count total processors using sysfs (#706894) - Translate clone error if necessary (#707998) - Workaround kernel clobbering robust list (#711531) - Use correct type when casting d_tag (#599056, CVE-2010-0830) - Report write error in addmnt even for cached streams (#688980, CVE-2011-1089) - Don't underestimate length of DST substitution (#694655) - Don't allocate executable stack when it cannot be allocated in the first 4G (#448011) - Initialize resolver state in nscd (#676039) - No cancel signal in unsafe places (#684808) - Check size of pattern in wide character representation in fnmatch (#681054) - Avoid too much stack use in fnmatch (#681054, CVE-2011-1071) - Properly quote output of locale (#625893, CVE-2011-1095) - Don't leave empty element in rpath when skipping the first element, ignore rpath elements containing non-isolated use of $ORIGIN when privileged (#667974, CVE-2011-0536) - Fix handling of newline in addmntent (#559579, CVE-2010-0296) - Don't ignore $ORIGIN in libraries (#670988) - Fix false assertion (#604796) - Fix ordering of DSO constructors and destructors (#604796) - Fix typo (#531576) - Fix concurrency problem between dl_open and dl_iterate_phdr (#649956) - Require suid bit on audit objects in privileged programs (#645678, CVE-2010-3856) - Never expand $ORIGIN in privileged programs (#643819, CVE-2010-3847) - Add timestamps to nscd logs (#527558) - Fix index wraparound handling in memusage (#531576) - Handle running out of buffer space with IPv6 mapping enabled (#533367) - Don't deadlock in __dl_iterate_phdr while (un)loading objects (#549813) - Avoid alloca in setenv for long strings (#559974) - Recognize POWER7 and ISA 2.06 (#563563) - Add support for AT_BASE_PLATFORM (#563599) - Restore locking in free_check (#585674) - Fix lookup of collation sequence value during regexp matching (#587360) - Fix POWER6 memcpy/memset (#579011) - Fix scope handling during dl_close (#593675) - Enable -fasynchronous-unwind-tables throughout (#593047) - Fix crash when aio thread creation fails (#566712)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 81118
    published 2015-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81118
    title OracleVM 3.2 : glibc (OVMSA-2015-0023) (GHOST)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0024.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Switch to use malloc when the input line is too long [Orabug 19951108] - Use a /sys/devices/system/cpu/online for _SC_NPROCESSORS_ONLN implementation [Orabug 17642251] (Joe Jin) - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183532). - Remove gconv transliteration loadable modules support (CVE-2014-5119, - _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475, - Fix patch for integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Fix return code when starting an already started nscd daemon (#979413). - Fix getnameinfo for many PTR record queries (#1020486). - Return EINVAL error for negative sizees to getgroups (#995207). - Fix integer overflows in *valloc and memalign. (CVE-2013-4332, #1011805). - Add support for newer L3 caches on x86-64 and correctly count the number of hardware threads sharing a cacheline (#1003420). - Revert incomplete fix for bug #758193. - Fix _nl_find_msg malloc failure case, and callers (#957089). - Test on init_fct, not result->__init_fct, after demangling (#816647). - Don't handle ttl == 0 specially (#929035). - Fix multibyte character processing crash in regexp (CVE-2013-0242, #951132) - Fix getaddrinfo stack overflow resulting in application crash (CVE-2013-1914, #951132) - Add missing patch to avoid use after free (#816647) - Fix race in initgroups compat_call (#706571) - Fix return value from getaddrinfo when servers are down. (#758193) - Fix fseek on wide character streams. Sync's seeking code with RHEL 6 (#835828) - Call feraiseexcept only if exceptions are not masked (#861871). - Always demangle function before checking for NULL value. (#816647). - Do not fail in ttyname if /proc is not available (#851450). - Fix errno for various overflow situations in vfprintf. Add missing overflow checks. (#857387) - Handle failure of _nl_explode_name in all cases (#848481) - Define the default fuzz factor to 2 to make it easier to manipulate RHEL 5 RPMs on RHEL 6 and newer systems. - Fix race in intl/* testsuite (#849202) - Fix out of bounds array access in strto* exposed by 847930 patch. - Really fix POWER4 strncmp crash (#766832). - Fix integer overflow leading to buffer overflow in strto* (#847930) - Fix race in msort/qsort (#843672) - Fix regression due to 797096 changes (#845952) - Do not use PT_IEEE_IP ptrace calls (#839572) - Update ULPs (#837852) - Fix various transcendentals in non-default rounding modes (#837852) - Fix unbound alloca in vfprintf (#826947) - Fix iconv segfault if the invalid multibyte character 0xffff is input when converting from IBM930. (#823905) - Fix fnmatch when '*' wildcard is applied on a file name containing multibyte chars. (#819430) - Fix unbound allocas use in glob_in_dir, getaddrinfo and others. (#797096) - Fix segfault when running ld.so --verify on some DSO's in current working directory. (#808342) - Incorrect initialization order for dynamic loader (#813348) - Fix return code when stopping already stopped nscd daemon (#678227) - Remove MAP_32BIT for pthread stack mappings, use MAP_STACK instead (#641094) - Fix setuid vs sighandler_setxid race (#769852) - Fix access after end of search string in regex matcher (#757887) - Fix POWER4 strncmp crash (#766832) - Fix SC_*CACHE detection for X5670 cpus (#692182) - Fix parsing IPV6 entries in /etc/resolv.conf (#703239) - Fix double-free in nss_nis code (#500767) - Add kernel VDSO support for s390x (#795896) - Fix race in malloc arena creation and make implementation match documented behaviour (#800240) - Do not override TTL of CNAME with TTL of its alias (#808014) - Fix short month names in fi_FI locale #(657266). - Fix nscd crash for group with large number of members (#788989) - Fix Slovakia currency (#799853) - Fix getent malloc failure check (#806403) - Fix short month names in zh_CN locale (#657588) - Fix decimal point symbol for Portuguese currency (#710216) - Avoid integer overflow in sbrk (#767358) - Avoid race between [,__de]allocate_stack and __reclaim_stacks during fork (#738665) - Fix race between IO_flush_all_lockp & pthread_cancel (#751748) - Fix memory leak in NIS endgrent (#809325) - Allow getaddr to accept SCTP socket types in hints (#765710) - Fix errno handling in vfprintf (#794814) - Filter out when building file lists (#784646). - Avoid 'nargs' integer overflow which could be used to bypass FORTIFY_SOURCE (#794814) - Fix currency_symbol for uk_UA (#639000)
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 81119
    published 2015-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81119
    title OracleVM 2.2 : glibc (OVMSA-2015-0024) (GHOST)
  • NASL family Misc.
    NASL id VMWARE_ESXI_5_1_BUILD_2323236_REMOTE.NASL
    description The remote VMware ESXi host is version 5.1 prior to build 2323236. It is, therefore, affected by the following vulnerabilities in bundled third-party libraries : - Multiple vulnerabilities exist in the bundled Python library. (CVE-2011-3389, CVE-2012-0845, CVE-2012-0876, CVE-2012-1150, CVE-2013-1752, CVE-2013-4238) - Multiple vulnerabilities exist in the bundled GNU C Library (glibc). (CVE-2013-0242, CVE-2013-1914, CVE-2013-4332) - Multiple vulnerabilities exist in the bundled XML Parser library (libxml2). (CVE-2013-2877, CVE-2014-0191) - Multiple vulnerabilities exist in the bundled cURL library (libcurl). (CVE-2014-0015, CVE-2014-0138)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 79862
    published 2014-12-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79862
    title ESXi 5.1 < Build 2323236 Third-Party Libraries Multiple Vulnerabilities (remote check) (BEAST)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-17475.NASL
    description Existing statically linked applications must be rebuilt to fix CVE-2013-4788. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 70180
    published 2013-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70180
    title Fedora 19 : glibc-2.17-18.fc19 (2013-17475)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1991-1.NASL
    description It was discovered that the GNU C Library incorrectly handled the strcoll() function. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2012-4412, CVE-2012-4424) It was discovered that the GNU C Library incorrectly handled multibyte characters in the regular expression matcher. An attacker could use this issue to cause a denial of service. (CVE-2013-0242) It was discovered that the GNU C Library incorrectly handled large numbers of domain conversion results in the getaddrinfo() function. An attacker could use this issue to cause a denial of service. (CVE-2013-1914) It was discovered that the GNU C Library readdir_r() function incorrectly handled crafted NTFS or CIFS images. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2013-4237) It was discovered that the GNU C Library incorrectly handled memory allocation. An attacker could use this issue to cause a denial of service. (CVE-2013-4332). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 70538
    published 2013-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70538
    title Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : eglibc vulnerabilities (USN-1991-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1411.NASL
    description Updated glibc packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332) This update also fixes the following bug : * Prior to this update, the size of the L3 cache in certain CPUs for SMP (Symmetric Multiprocessing) servers was not correctly detected. The incorrect cache size detection resulted in less than optimal performance for routines that used this information, including the memset() function. To fix this bug, the cache size detection has been corrected and core routines including memset() have their performance restored to expected levels. (BZ#1011424) All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 70348
    published 2013-10-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70348
    title RHEL 5 : glibc (RHSA-2013:1411)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-723.NASL
    description This update fixes the following issues in glibc : - CVE-2012-4412: glibc: buffer overflow in strcoll - CVE-2013-0242: glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters - CVE-2013-1914: glibc: stack overflow in getaddrinfo() sorting - CVE-2013-2207: glibc: pt_chown tricked into granting access to another users pseudo-terminal - CVE-2013-4237: glibc: Buffer overwrite - NAME_MAX not enforced by readdir_r() - bnc#805054: man 1 locale mentions non-existent file - bnc#813306: glibc 2.17 fprintf(stderr, ...) triggers write of undefined values if stderr is closed - bnc#819383: pldd a process multiple times can freeze the process - bnc#819524: nscd segfault - bnc#824046: glibc: blacklist code in bindresvport doesn't release lock, results in double-lock - bnc#839870: glibc: three integer overflows in memory allocator - ARM: Support loading unmarked objects from cache
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75154
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75154
    title openSUSE Security Update : glibc (openSUSE-SU-2013:1510-1)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2014-0002.NASL
    description a. DDoS vulnerability in NTP third-party libraries The NTP daemon has a DDoS vulnerability in the handling of the 'monlist' command. An attacker may send a forged request to a vulnerable NTP server resulting in an amplified response to the intended target of the DDoS attack. Mitigation Mitigation for this issue is documented in VMware Knowledge Base article 2070193. This article also documents when vSphere products are affected. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-5211 to this issue. b. Update to ESXi glibc package The ESXi glibc package is updated to version glibc-2.5-118.el5_10.2 to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-4332 to this issue. c. vCenter and Update Manager, Oracle JRE 1.7 Update 45 Oracle JRE is updated to version JRE 1.7 Update 45, which addresses multiple security issues that existed in earlier releases of Oracle JRE. Oracle has documented the CVE identifiers that are addressed in JRE 1.7.0 update 45 in the Oracle Java SE Critical Patch Update Advisory of October 2013. The References section provides a link to this advisory.
    last seen 2019-02-21
    modified 2018-08-07
    plugin id 72958
    published 2014-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72958
    title VMSA-2014-0002 : VMware vSphere updates to third-party libraries
  • NASL family Misc.
    NASL id VMWARE_VMSA-2014-0002_REMOTE.NASL
    description The remote VMware ESX / ESXi host is affected by multiple vulnerabilities : - Multiple integer overflow conditions exist in the glibc package in file malloc/malloc.c. An unauthenticated, remote attacker can exploit these to cause heap memory corruption by passing large values to the pvalloc(), valloc(), posix_memalign(), memalign(), or aligned_alloc() functions, resulting in a denial of service. (CVE-2013-4332) - A distributed denial of service (DDoS) vulnerability exists in the NTP daemon due to improper handling of the 'monlist' command. A remote attacker can exploit this, via a forged request to an affected NTP server, to cause an amplified response to the intended target of the DDoS attack. (CVE-2013-5211)
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 87674
    published 2015-12-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87674
    title VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2014-0002)
  • NASL family Misc.
    NASL id VMWARE_ESXI_5_5_BUILD_1623387_REMOTE.NASL
    description The remote VMware ESXi host is version 5.5 prior to build 1623387. It is, therefore, affected by multiple vulnerabilities : - Multiple integer overflow conditions exist in the bundled GNU C Library (glibc) due to improper validation of user-supplied input. A remote attacker can exploit these issues to cause a buffer overflow, resulting in a denial of service condition. (CVE-2013-4332) - A flaw exists in the monlist feature in NTP. A remote attacker can exploit this flaw, using a specially crafted packet to load the query function in monlist, to conduct a distributed denial of service attack. (CVE-2013-5211)
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 83781
    published 2015-05-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83781
    title ESXi 5.5 < Build 1623387 Multiple Vulnerabilities (remote check)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-17423.NASL
    description Existing statically linked applications must be rebuilt to fix CVE-2013-4788. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 70158
    published 2013-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70158
    title Fedora 20 : glibc-2.18-9.fc20 (2013-17423)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1605.NASL
    description From Red Hat Security Advisory 2013:1605 : Updated glibc packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332) A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914) Among other changes, this update includes an important fix for the following bug : * Due to a defect in the initial release of the getaddrinfo() system call in Red Hat enterprise Linux 6.0, AF_INET and AF_INET6 queries resolved from the /etc/hosts file returned queried names as canonical names. This incorrect behavior is, however, still considered to be the expected behavior. As a result of a recent change in getaddrinfo(), AF_INET6 queries started resolving the canonical names correctly. However, this behavior was unexpected by applications that relied on queries resolved from the /etc/hosts file, and these applications could thus fail to operate properly. This update applies a fix ensuring that AF_INET6 queries resolved from /etc/hosts always return the queried name as canonical. Note that DNS lookups are resolved properly and always return the correct canonical names. A proper fix to AF_INET6 queries resolution from /etc/hosts may be applied in future releases; for now, due to a lack of standard, Red Hat suggests the first entry in the /etc/hosts file, that applies for the IP address being resolved, to be considered the canonical entry. (BZ#1022022) These updated glibc packages also include additional bug fixes and various enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 71106
    published 2013-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71106
    title Oracle Linux 6 : glibc (ELSA-2013-1605)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-1128-1.NASL
    description This glibc update fixes a critical privilege escalation problem and the following security and non-security issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#882600: Copy filename argument in posix_spawn_file_actions_addopen. (CVE-2014-4043) - bnc#860501: Use O_LARGEFILE for utmp file. - bnc#842291: Fix typo in glibc-2.5-dlopen-lookup-race.diff. - bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332) - bnc#834594: Fix readdir_r with long file names. (CVE-2013-4237) - bnc#824639: Drop lock before calling malloc_printerr. - bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242) - bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412) - bnc#894556 / bnc#894553: Fix crashes on invalid input in IBM gconv modules. (CVE-2014-6040, CVE-2012-6656, bnc#894553, bnc#894556, BZ#17325, BZ#14134) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 83638
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83638
    title SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1128-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20131121_GLIBC_ON_SL6_X.NASL
    description Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332) A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914) Among other changes, this update includes an important fix for the following bug : - Due to a defect in the initial release of the getaddrinfo() system call in Scientific Linux 6.0, AF_INET and AF_INET6 queries resolved from the /etc/hosts file returned queried names as canonical names. This incorrect behavior is, however, still considered to be the expected behavior. As a result of a recent change in getaddrinfo(), AF_INET6 queries started resolving the canonical names correctly. However, this behavior was unexpected by applications that relied on queries resolved from the /etc/hosts file, and these applications could thus fail to operate properly. This update applies a fix ensuring that AF_INET6 queries resolved from /etc/hosts always return the queried name as canonical. Note that DNS lookups are resolved properly and always return the correct canonical names. A proper fix to AF_INET6 queries resolution from /etc/hosts may be applied in future releases; for now, due to a lack of standard, Red Hat suggests the first entry in the /etc/hosts file, that applies for the IP address being resolved, to be considered the canonical entry.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 71193
    published 2013-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71193
    title Scientific Linux Security Update : glibc on SL6.x i386/x86_64
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2013-270.NASL
    description Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332) A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 71582
    published 2013-12-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71582
    title Amazon Linux AMI : glibc (ALAS-2013-270)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-1122-1.NASL
    description This glibc update fixes a critical privilege escalation vulnerability and the following security and non-security issues : - bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit that targets the problem is publicly available. (CVE-2014-5119) - bnc#886416: Avoid redundant shift character in iconv output at block boundary. - bnc#883022: Initialize errcode in sysdeps/unix/opendir.c. - bnc#882600: Copy filename argument in posix_spawn_file_actions_addopen. (CVE-2014-4043) - bnc#864081: Take lock in pthread_cond_wait cleanup handler only when needed. - bnc#843735: Don't crash on unresolved weak symbol reference. - bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332) - bnc#836746: Avoid race between {,__de}allocate_stack and __reclaim_stacks during fork. - bnc#834594: Fix readdir_r with long file names. (CVE-2013-4237) - bnc#830268: Initialize pointer guard also in static executables. (CVE-2013-4788) - bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242) - bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412) - bnc#750741: Use absolute timeout in x86 pthread_cond_timedwait. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 83637
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83637
    title SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1122-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1605.NASL
    description Updated glibc packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332) A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914) Among other changes, this update includes an important fix for the following bug : * Due to a defect in the initial release of the getaddrinfo() system call in Red Hat enterprise Linux 6.0, AF_INET and AF_INET6 queries resolved from the /etc/hosts file returned queried names as canonical names. This incorrect behavior is, however, still considered to be the expected behavior. As a result of a recent change in getaddrinfo(), AF_INET6 queries started resolving the canonical names correctly. However, this behavior was unexpected by applications that relied on queries resolved from the /etc/hosts file, and these applications could thus fail to operate properly. This update applies a fix ensuring that AF_INET6 queries resolved from /etc/hosts always return the queried name as canonical. Note that DNS lookups are resolved properly and always return the correct canonical names. A proper fix to AF_INET6 queries resolution from /etc/hosts may be applied in future releases; for now, due to a lack of standard, Red Hat suggests the first entry in the /etc/hosts file, that applies for the IP address being resolved, to be considered the canonical entry. (BZ#1022022) These updated glibc packages also include additional bug fixes and various enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 71009
    published 2013-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71009
    title RHEL 6 : glibc (RHSA-2013:1605)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1411.NASL
    description Updated glibc packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332) This update also fixes the following bug : * Prior to this update, the size of the L3 cache in certain CPUs for SMP (Symmetric Multiprocessing) servers was not correctly detected. The incorrect cache size detection resulted in less than optimal performance for routines that used this information, including the memset() function. To fix this bug, the cache size detection has been corrected and core routines including memset() have their performance restored to expected levels. (BZ#1011424) All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79155
    published 2014-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79155
    title CentOS 5 : glibc (CESA-2013:1411)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1605.NASL
    description Updated glibc packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in glibc's memory allocator functions (pvalloc, valloc, and memalign). If an application used such a function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2013-4332) A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914) Among other changes, this update includes an important fix for the following bug : * Due to a defect in the initial release of the getaddrinfo() system call in Red Hat enterprise Linux 6.0, AF_INET and AF_INET6 queries resolved from the /etc/hosts file returned queried names as canonical names. This incorrect behavior is, however, still considered to be the expected behavior. As a result of a recent change in getaddrinfo(), AF_INET6 queries started resolving the canonical names correctly. However, this behavior was unexpected by applications that relied on queries resolved from the /etc/hosts file, and these applications could thus fail to operate properly. This update applies a fix ensuring that AF_INET6 queries resolved from /etc/hosts always return the queried name as canonical. Note that DNS lookups are resolved properly and always return the correct canonical names. A proper fix to AF_INET6 queries resolution from /etc/hosts may be applied in future releases; for now, due to a lack of standard, Red Hat suggests the first entry in the /etc/hosts file, that applies for the IP address being resolved, to be considered the canonical entry. (BZ#1022022) These updated glibc packages also include additional bug fixes and various enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79166
    published 2014-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79166
    title CentOS 6 : glibc (CESA-2013:1605)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-283.NASL
    description Updated glibc packages fixes the following security issues : Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow (CVE-2012-4412). Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function (CVE-2012-4424). pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system (CVE-2013-2207). NOTE! This is fixed by removing pt_chown wich may break chroots if their devpts was not mounted correctly (make sure to mount the devpts correctly with gid=5). sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted (1) NTFS or (2) CIFS image (CVE-2013-4237). Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions (CVE-2013-4332). A stack (frame) overflow flaw, which led to a denial of service (application crash), was found in the way glibc's getaddrinfo() function processed certain requests when called with AF_INET6. A similar flaw to CVE-2013-1914, this affects AF_INET6 rather than AF_UNSPEC (CVE-2013-4458). The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context- dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address (CVE-2013-4788). Other fixes in this update : - Correct the processing of '\x80' characters in crypt_freesec.c - fix typo in nscd.service
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 71092
    published 2013-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71092
    title Mandriva Linux Security Advisory : glibc (MDVSA-2013:283)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-165.NASL
    description Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library. #553206 CVE-2015-1472 CVE-2015-1473 The scanf family of functions do not properly limit stack allocation, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code. CVE-2012-3405 The printf family of functions do not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service. CVE-2012-3406 The printf family of functions do not properly limit stack allocation, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string. CVE-2012-3480 Multiple integer overflows in the strtod, strtof, strtold, strtod_l, and other related functions allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow. CVE-2012-4412 Integer overflow in the strcoll and wcscoll functions allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. CVE-2012-4424 Stack-based buffer overflow in the strcoll and wcscoll functions allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. CVE-2013-0242 Buffer overflow in the extend_buffers function in the regular expression matcher allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters. CVE-2013-1914 CVE-2013-4458 Stack-based buffer overflow in the getaddrinfo function allows remote attackers to cause a denial of service (crash) via a hostname or IP address that triggers a large number of domain conversion results. CVE-2013-4237 readdir_r allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a malicious NTFS image or CIFS service. CVE-2013-4332 Multiple integer overflows in malloc/malloc.c allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the pvalloc, valloc, posix_memalign, memalign, or aligned_alloc functions. CVE-2013-4357 The getaliasbyname, getaliasbyname_r, getaddrinfo, getservbyname, getservbyname_r, getservbyport, getservbyport_r, and glob functions do not properly limit stack allocation, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code. CVE-2013-4788 When the GNU C library is statically linked into an executable, the PTR_MANGLE implementation does not initialize the random value for the pointer guard, so that various hardening mechanisms are not effective. CVE-2013-7423 The send_dg function in resolv/res_send.c does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. CVE-2013-7424 The getaddrinfo function may attempt to free an invalid pointer when handling IDNs (Internationalised Domain Names), which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code. CVE-2014-4043 The posix_spawn_file_actions_addopen function does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities. For the oldstable distribution (squeeze), these problems have been fixed in version 2.11.3-4+deb6u5. For the stable distribution (wheezy), these problems were fixed in version 2.13-38+deb7u8 or earlier. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 82149
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82149
    title Debian DLA-165-1 : eglibc security update
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201503-04.NASL
    description The remote host is affected by the vulnerability described in GLSA-201503-04 (GNU C Library: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details. Impact : A local attacker may be able to execute arbitrary code or cause a Denial of Service condition,. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-05-20
    plugin id 81689
    published 2015-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81689
    title GLSA-201503-04 : GNU C Library: Multiple vulnerabilities (GHOST)
redhat via4
advisories
  • bugzilla
    id 1007545
    title CVE-2013-4332 glibc: three integer overflows in memory allocator
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment glibc is earlier than 0:2.5-118.el5_10.2
          oval oval:com.redhat.rhsa:tst:20131411002
        • comment glibc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787003
      • AND
        • comment glibc-common is earlier than 0:2.5-118.el5_10.2
          oval oval:com.redhat.rhsa:tst:20131411006
        • comment glibc-common is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787009
      • AND
        • comment glibc-devel is earlier than 0:2.5-118.el5_10.2
          oval oval:com.redhat.rhsa:tst:20131411012
        • comment glibc-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787007
      • AND
        • comment glibc-headers is earlier than 0:2.5-118.el5_10.2
          oval oval:com.redhat.rhsa:tst:20131411004
        • comment glibc-headers is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787013
      • AND
        • comment glibc-utils is earlier than 0:2.5-118.el5_10.2
          oval oval:com.redhat.rhsa:tst:20131411010
        • comment glibc-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787005
      • AND
        • comment nscd is earlier than 0:2.5-118.el5_10.2
          oval oval:com.redhat.rhsa:tst:20131411008
        • comment nscd is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100787011
    rhsa
    id RHSA-2013:1411
    released 2013-10-08
    severity Moderate
    title RHSA-2013:1411: glibc security and bug fix update (Moderate)
  • bugzilla
    id 1007545
    title CVE-2013-4332 glibc: three integer overflows in memory allocator
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment glibc is earlier than 0:2.12-1.132.el6
          oval oval:com.redhat.rhsa:tst:20131605005
        • comment glibc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872006
      • AND
        • comment glibc-common is earlier than 0:2.12-1.132.el6
          oval oval:com.redhat.rhsa:tst:20131605017
        • comment glibc-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872012
      • AND
        • comment glibc-devel is earlier than 0:2.12-1.132.el6
          oval oval:com.redhat.rhsa:tst:20131605013
        • comment glibc-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872018
      • AND
        • comment glibc-headers is earlier than 0:2.12-1.132.el6
          oval oval:com.redhat.rhsa:tst:20131605007
        • comment glibc-headers is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872010
      • AND
        • comment glibc-static is earlier than 0:2.12-1.132.el6
          oval oval:com.redhat.rhsa:tst:20131605009
        • comment glibc-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872008
      • AND
        • comment glibc-utils is earlier than 0:2.12-1.132.el6
          oval oval:com.redhat.rhsa:tst:20131605015
        • comment glibc-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872014
      • AND
        • comment nscd is earlier than 0:2.12-1.132.el6
          oval oval:com.redhat.rhsa:tst:20131605011
        • comment nscd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100872016
    rhsa
    id RHSA-2013:1605
    released 2013-11-21
    severity Moderate
    title RHSA-2013:1605: glibc security, bug fix, and enhancement update (Moderate)
rpms
  • glibc-0:2.5-118.el5_10.2
  • glibc-common-0:2.5-118.el5_10.2
  • glibc-devel-0:2.5-118.el5_10.2
  • glibc-headers-0:2.5-118.el5_10.2
  • glibc-utils-0:2.5-118.el5_10.2
  • nscd-0:2.5-118.el5_10.2
  • glibc-0:2.12-1.132.el6
  • glibc-common-0:2.12-1.132.el6
  • glibc-devel-0:2.12-1.132.el6
  • glibc-headers-0:2.12-1.132.el6
  • glibc-static-0:2.12-1.132.el6
  • glibc-utils-0:2.12-1.132.el6
  • nscd-0:2.12-1.132.el6
refmap via4
bid 62324
confirm
gentoo GLSA-201503-04
mandriva
  • MDVSA-2013:283
  • MDVSA-2013:284
mlist [oss-security] 20130912 Re: CVE Request: Three integer overflows in glibc memory allocator
secunia 55113
ubuntu USN-1991-1
vmware via4
description The ESXi glibc package is updated to version glibc-2.5-118.el5_10.2 to resolve a security issue.
id VMSA-2014-0002
last_updated 2014-05-29T00:00:00
published 2014-03-11T00:00:00
title Update to ESXi glibc package
Last major update 28-11-2016 - 14:09
Published 09-10-2013 - 18:55
Last modified 30-06-2017 - 21:29
Back to Top