Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.871360 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Update for glibc RHSA-2015:0863-01 |
Summary: | The remote host is missing an update for the 'glibc'; package(s) announced via the referenced advisory. |
Description: | Summary: The remote host is missing an update for the 'glibc' package(s) announced via the referenced advisory. Vulnerability Insight: The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application. (CVE-2015-1781) It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. (CVE-2013-7423) The CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat. This update also fixes the following bug: * Previously, the nscd daemon did not properly reload modified data when the user edited monitored nscd configuration files. As a consequence, nscd returned stale data to system processes. This update adds a system of inotify-based monitoring and stat-based backup monitoring for nscd configuration files. As a result, nscd now detects changes to its configuration files and reloads the data properly, which prevents it from returning stale data. (BZ#1194149) All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Affected Software/OS: glibc on Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6) Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-7423 BugTraq ID: 72844 http://www.securityfocus.com/bid/72844 http://seclists.org/fulldisclosure/2021/Sep/0 https://security.gentoo.org/glsa/201602-02 http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html http://www.openwall.com/lists/oss-security/2015/01/28/20 RedHat Security Advisories: RHSA-2015:0863 http://rhn.redhat.com/errata/RHSA-2015-0863.html RedHat Security Advisories: RHSA-2016:1207 https://access.redhat.com/errata/RHSA-2016:1207 SuSE Security Announcement: openSUSE-SU-2015:0351 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html http://www.ubuntu.com/usn/USN-2519-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-1781 BugTraq ID: 74255 http://www.securityfocus.com/bid/74255 Debian Security Information: DSA-3480 (Google Search) http://www.debian.org/security/2016/dsa-3480 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html https://www.sourceware.org/ml/libc-alpha/2015-08/msg00609.html https://rhn.redhat.com/errata/RHSA-2015-0863.html http://www.securitytracker.com/id/1032178 SuSE Security Announcement: SUSE-SU-2015:1424 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html SuSE Security Announcement: SUSE-SU-2016:0470 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html http://www.ubuntu.com/usn/USN-2985-1 http://www.ubuntu.com/usn/USN-2985-2 |
Copyright | Copyright (C) 2015 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |