Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.105372 |
Categoría: | F5 Local Security Checks |
Título: | F5 BIG-IP - GNU C Library (glibc) vulnerability CVE-2014-7817 |
Resumen: | The remote host is missing a security patch. |
Descripción: | Summary: The remote host is missing a security patch. Vulnerability Insight: The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing '$((`...`))'. (CVE-2014-7817) Vulnerability Impact: An attacker with local access and knowledge of how to make the glibc function trigger an exploit may be able to run arbitrary code. However, the risk level for this vulnerability is considered LOW because F5 product development has verified that the vulnerable code is NOT used in a way that would make an exploit possible. Solution: See the referenced vendor advisory for a solution. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-7817 BugTraq ID: 71216 http://www.securityfocus.com/bid/71216 Debian Security Information: DSA-3142 (Google Search) http://www.debian.org/security/2015/dsa-3142 https://security.gentoo.org/glsa/201602-02 https://sourceware.org/ml/libc-alpha/2014-11/msg00519.html http://seclists.org/oss-sec/2014/q4/730 RedHat Security Advisories: RHSA-2014:2023 http://rhn.redhat.com/errata/RHSA-2014-2023.html http://secunia.com/advisories/62100 http://secunia.com/advisories/62146 SuSE Security Announcement: openSUSE-SU-2015:0351 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html http://www.ubuntu.com/usn/USN-2432-1 XForce ISS Database: gnu-glibc-cve20147817-command-exec(98852) https://exchange.xforce.ibmcloud.com/vulnerabilities/98852 |
Copyright | Copyright (C) 2015 Greenbone Networks GmbH |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |