Amazon Linux AMI : glibc (ALAS-2018-1017)

critical Nessus Plugin ID 109699

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

Fragmentation attacks possible when EDNS0 is enabled

The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.(CVE-2017-12132)

Buffer overflow in glob with GLOB_TILDE

The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.(CVE-2017-15670)

Denial of service in getnetbyname function

The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being process.(CVE-2014-9402)

DNS resolver NULL pointer dereference with crafted record type

res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).(CVE-2015-5180)

realpath() buffer underflow when getcwd() returns relative path allows privilege escalation

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.(CVE-2018-1000001)

Buffer overflow during unescaping of user names with the ~ operator

The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.(CVE-2017-15804)

Solution

Run 'yum update glibc' to update your system.

See Also

https://alas.aws.amazon.com/ALAS-2018-1017.html

Plugin Details

Severity: Critical

ID: 109699

File Name: ala_ALAS-2018-1017.nasl

Version: 1.4

Type: local

Agent: unix

Published: 5/11/2018

Updated: 10/9/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-15804

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:glibc-static, p-cpe:/a:amazon:linux:glibc-devel, p-cpe:/a:amazon:linux:glibc-common, p-cpe:/a:amazon:linux:glibc, p-cpe:/a:amazon:linux:glibc-utils, p-cpe:/a:amazon:linux:glibc-debuginfo, p-cpe:/a:amazon:linux:glibc-headers, p-cpe:/a:amazon:linux:glibc-debuginfo-common, cpe:/o:amazon:linux, p-cpe:/a:amazon:linux:nscd

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/10/2018

Exploitable With

Metasploit (glibc realpath() Privilege Escalation)

Reference Information

CVE: CVE-2014-9402, CVE-2015-5180, CVE-2017-12132, CVE-2017-15670, CVE-2017-15804, CVE-2018-1000001

ALAS: 2018-1017