RHEL 2.1 : glibc (RHSA-2003:022)

medium Nessus Plugin ID 12354

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated glibc packages are available to fix a buffer overflow in the resolver.

The GNU C library package, glibc, contains standard libraries used by multiple programs on the system.

A read buffer overflow vulnerability exists in the glibc resolver code in versions of glibc up to and including 2.2.5. The vulnerability is triggered by DNS packets larger than 1024 bytes and can cause applications to crash.

In addition, several non-security-related bugs have been fixed, the majority for the Itanium (IA64) platform.

All Red Hat Linux Advanced Server users are advised to upgrade to these errata packages, which contain a patch to correct this vulnerability.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/cve/cve-2002-1146

https://access.redhat.com/errata/RHSA-2003:022

Plugin Details

Severity: Medium

ID: 12354

File Name: redhat-RHSA-2003-022.nasl

Version: 1.24

Type: local

Agent: unix

Published: 7/6/2004

Updated: 1/14/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:glibc-profile, p-cpe:/a:redhat:enterprise_linux:glibc-common, p-cpe:/a:redhat:enterprise_linux:glibc-devel, p-cpe:/a:redhat:enterprise_linux:glibc, p-cpe:/a:redhat:enterprise_linux:nscd, cpe:/o:redhat:enterprise_linux:2.1

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2/4/2003

Vulnerability Publication Date: 10/11/2002

Reference Information

CVE: CVE-2002-1146

CERT: 738331

RHSA: 2003:022