Test ID:	1.3.6.1.4.1.25623.1.1.1.1.2023.5514
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-5514-1)
Summary:	The remote host is missing an update for the Debian 'glibc' package(s) announced via the DSA-5514-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'glibc' package(s) announced via the DSA-5514-1 advisory. Vulnerability Insight: The Qualys Research Labs discovered a buffer overflow in the dynamic loader's processing of the GLIBC_TUNABLES environment variable. An attacker can exploit this flaw for privilege escalation. Details can be found in the Qualys advisory at [link moved to references] For the oldstable distribution (bullseye), this problem has been fixed in version 2.31-13+deb11u7. For the stable distribution (bookworm), this problem has been fixed in version 2.36-9+deb12u3. This update includes fixes for CVE-2023-4527 and CVE-2023-4806 originally planned for the upcoming bookworm point release. We recommend that you upgrade your glibc packages. For the detailed security status of glibc please refer to its security tracker page at: [link moved to references] Affected Software/OS: 'glibc' package(s) on Debian 11, Debian 12. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-4911 RHBZ#2238352 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 RHSA-2023:5453 https://access.redhat.com/errata/RHSA-2023:5453 RHSA-2023:5454 https://access.redhat.com/errata/RHSA-2023:5454 RHSA-2023:5455 https://access.redhat.com/errata/RHSA-2023:5455 RHSA-2023:5476 https://access.redhat.com/errata/RHSA-2023:5476 RHSA-2024:0033 https://access.redhat.com/errata/RHSA-2024:0033 http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html http://seclists.org/fulldisclosure/2023/Oct/11 http://www.openwall.com/lists/oss-security/2023/10/03/2 http://www.openwall.com/lists/oss-security/2023/10/03/3 http://www.openwall.com/lists/oss-security/2023/10/05/1 http://www.openwall.com/lists/oss-security/2023/10/13/11 http://www.openwall.com/lists/oss-security/2023/10/14/3 http://www.openwall.com/lists/oss-security/2023/10/14/5 http://www.openwall.com/lists/oss-security/2023/10/14/6 https://access.redhat.com/security/cve/CVE-2023-4911 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/ https://security.gentoo.org/glsa/202310-03 https://security.netapp.com/advisory/ntap-20231013-0006/ https://www.debian.org/security/2023/dsa-5514 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.