Test ID: 1.3.6.1.4.1.25623.1.0.892695
Category: Debian Local Security Checks
Title: Debian LTS: Security Advisory for klibc (DLA-2695-1)
Summary: The remote host is missing an update for the 'klibc' package(s) announced via the DLA-2695-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'klibc'
package(s) announced via the DLA-2695-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been discovered in klibc. Depending on
how klibc is used, these could lead to the execution of arbitrary
code, privilege escalation, or denial of service.

Thanks to Microsoft Vulnerability Research for reporting the heap bugs
and going some of the way to identifying the cpio bugs.

CVE-2021-31870

Multiplication in the calloc() function may result in an integer
overflow and a subsequent heap buffer overflow.

CVE-2021-31871

An integer overflow in the cpio command may result in a NULL
pointer dereference.

CVE-2021-31872

Multiple possible integer overflows in the cpio command on 32-bit
systems may result in a buffer overflow or other security impact.

CVE-2021-31873

Additions in the malloc() function may result in an integer overflow
and a subsequent heap buffer overflow.

Affected Software/OS:
'klibc' package(s) on Debian Linux.

Solution:
For Debian 9 stretch, these problems have been fixed in version
2.0.4-9+deb9u1.

We recommend that you upgrade your klibc packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2021-31870
Common Vulnerability Exposure (CVE) ID: CVE-2021-31871
Common Vulnerability Exposure (CVE) ID: CVE-2021-31872
Common Vulnerability Exposure (CVE) ID: CVE-2021-31873
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.