Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.703480
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 3480-1 (eglibc - security update)
Summary:Several vulnerabilities have been fixed;in the GNU C Library, eglibc.;;The CVE-2015-7547;vulnerability listed below is considered to have;critical impact.;;CVE-2014-8121;Robin Hack discovered that the nss_files database did not;correctly implement enumeration interleaved with name-based or;ID-based lookups. This could cause the enumeration enter an;endless loop, leading to a denial of service.;;CVE-2015-1781;Arjun Shankar discovered that the _r variants of host name;resolution functions (like gethostbyname_r), when performing DNS;name resolution, suffered from a buffer overflow if a misaligned;buffer was supplied by the applications, leading to a crash or,;potentially, arbitrary code execution. Most applications are not;affected by this vulnerability because they use aligned buffers.;;CVE-2015-7547;The Google Security Team and Red Hat discovered that the eglibc;host name resolver function, getaddrinfo, when processing;AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its;internal buffers, leading to a stack-based buffer overflow and;arbitrary code execution. This vulnerability affects most;applications which perform host name resolution using getaddrinfo,;including system services.;;Description truncated. Please see the references for more information.;;While it is only necessary to ensure that all processes are not using;the old eglibc anymore, it is recommended to reboot the machines after;applying the security upgrade.
Description:Summary:
Several vulnerabilities have been fixed
in the GNU C Library, eglibc.

The CVE-2015-7547
vulnerability listed below is considered to have
critical impact.

CVE-2014-8121
Robin Hack discovered that the nss_files database did not
correctly implement enumeration interleaved with name-based or
ID-based lookups. This could cause the enumeration enter an
endless loop, leading to a denial of service.

CVE-2015-1781
Arjun Shankar discovered that the _r variants of host name
resolution functions (like gethostbyname_r), when performing DNS
name resolution, suffered from a buffer overflow if a misaligned
buffer was supplied by the applications, leading to a crash or,
potentially, arbitrary code execution. Most applications are not
affected by this vulnerability because they use aligned buffers.

CVE-2015-7547
The Google Security Team and Red Hat discovered that the eglibc
host name resolver function, getaddrinfo, when processing
AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its
internal buffers, leading to a stack-based buffer overflow and
arbitrary code execution. This vulnerability affects most
applications which perform host name resolution using getaddrinfo,
including system services.

Description truncated. Please see the references for more information.

While it is only necessary to ensure that all processes are not using
the old eglibc anymore, it is recommended to reboot the machines after
applying the security upgrade.

Affected Software/OS:
eglibc on Debian Linux

Solution:
For the oldstable distribution (wheezy),
these problems have been fixed in version 2.13-38+deb7u10.

We recommend that you upgrade your eglibc packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2014-8121
BugTraq ID: 73038
http://www.securityfocus.com/bid/73038
Debian Security Information: DSA-3480 (Google Search)
http://www.debian.org/security/2016/dsa-3480
https://security.gentoo.org/glsa/201602-02
https://sourceware.org/ml/libc-alpha/2015-02/msg00617.html
RedHat Security Advisories: RHSA-2015:0327
http://rhn.redhat.com/errata/RHSA-2015-0327.html
SuSE Security Announcement: SUSE-SU-2015:1424 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html
SuSE Security Announcement: SUSE-SU-2016:0470 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
http://www.ubuntu.com/usn/USN-2985-1
http://www.ubuntu.com/usn/USN-2985-2
Common Vulnerability Exposure (CVE) ID: CVE-2015-1781
BugTraq ID: 74255
http://www.securityfocus.com/bid/74255
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html
https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html
RedHat Security Advisories: RHSA-2015:0863
https://rhn.redhat.com/errata/RHSA-2015-0863.html
http://www.securitytracker.com/id/1032178
Common Vulnerability Exposure (CVE) ID: CVE-2015-7547
BugTraq ID: 83265
http://www.securityfocus.com/bid/83265
Bugtraq: 20190904 SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X (Google Search)
https://seclists.org/bugtraq/2019/Sep/7
CERT/CC vulnerability note: VU#457759
https://www.kb.cert.org/vuls/id/457759
Debian Security Information: DSA-3481 (Google Search)
http://www.debian.org/security/2016/dsa-3481
https://www.exploit-db.com/exploits/39454/
https://www.exploit-db.com/exploits/40339/
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177412.html
http://seclists.org/fulldisclosure/2019/Sep/7
http://seclists.org/fulldisclosure/2021/Sep/0
HPdes Security Advisory: HPSBGN03442
http://marc.info/?l=bugtraq&m=145690841819314&w=2
HPdes Security Advisory: HPSBGN03547
http://marc.info/?l=bugtraq&m=145596041017029&w=2
HPdes Security Advisory: HPSBGN03549
http://marc.info/?l=bugtraq&m=145672440608228&w=2
HPdes Security Advisory: HPSBGN03551
http://marc.info/?l=bugtraq&m=145857691004892&w=2
HPdes Security Advisory: HPSBGN03582
http://marc.info/?l=bugtraq&m=146161017210491&w=2
http://packetstormsecurity.com/files/135802/glibc-getaddrinfo-Stack-Based-Buffer-Overflow.html
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
https://ics-cert.us-cert.gov/advisories/ICSA-16-103-01
https://www.tenable.com/security/research/tra-2017-08
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
RedHat Security Advisories: RHSA-2016:0175
http://rhn.redhat.com/errata/RHSA-2016-0175.html
RedHat Security Advisories: RHSA-2016:0176
http://rhn.redhat.com/errata/RHSA-2016-0176.html
RedHat Security Advisories: RHSA-2016:0225
http://rhn.redhat.com/errata/RHSA-2016-0225.html
RedHat Security Advisories: RHSA-2016:0277
http://rhn.redhat.com/errata/RHSA-2016-0277.html
http://www.securitytracker.com/id/1035020
SuSE Security Announcement: SUSE-SU-2016:0471 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html
SuSE Security Announcement: SUSE-SU-2016:0472 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html
SuSE Security Announcement: SUSE-SU-2016:0473 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html
SuSE Security Announcement: openSUSE-SU-2016:0510 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00042.html
SuSE Security Announcement: openSUSE-SU-2016:0511 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00043.html
SuSE Security Announcement: openSUSE-SU-2016:0512 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00044.html
http://ubuntu.com/usn/usn-2900-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-8776
BugTraq ID: 83277
http://www.securityfocus.com/bid/83277
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html
https://security.gentoo.org/glsa/201702-11
https://www.sourceware.org/ml/libc-alpha/2016-02/msg00502.html
http://www.openwall.com/lists/oss-security/2016/01/19/11
http://www.openwall.com/lists/oss-security/2016/01/20/1
RedHat Security Advisories: RHSA-2017:0680
http://rhn.redhat.com/errata/RHSA-2017-0680.html
RedHat Security Advisories: RHSA-2017:1916
https://access.redhat.com/errata/RHSA-2017:1916
Common Vulnerability Exposure (CVE) ID: CVE-2015-8777
BugTraq ID: 81469
http://www.securityfocus.com/bid/81469
http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html
http://www.securitytracker.com/id/1034811
Common Vulnerability Exposure (CVE) ID: CVE-2015-8778
BugTraq ID: 83275
http://www.securityfocus.com/bid/83275
Common Vulnerability Exposure (CVE) ID: CVE-2015-8779
BugTraq ID: 82244
http://www.securityfocus.com/bid/82244
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.