Mandrake Linux Security Advisory : glibc (MDKSA-2002:050)

high Nessus Plugin ID 13953

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A buffer overflow vulnerability was found in the way that the glibc resolver handles the resolution of network names and addresses via DNS in glibc versions 2.2.5 and earlier. Only systems using the 'dns' entry in the 'networks' database in /etc/nsswitch.conf are vulnerable to this issue. By default, Mandrake Linux has this database set to 'files' and is not vulnerable. Likewise, a similar bug is in the glibc-compat packages which provide compatability for programs compiled against 2.0.x versions of glibc.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 13953

File Name: mandrake_MDKSA-2002-050.nasl

Version: 1.17

Type: local

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:glibc-profile, p-cpe:/a:mandriva:linux:glibc, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2, cpe:/o:mandrakesoft:mandrake_linux:8.2, cpe:/o:mandrakesoft:mandrake_linux:8.1, p-cpe:/a:mandriva:linux:glibc-devel, cpe:/o:mandrakesoft:mandrake_linux:8.0, p-cpe:/a:mandriva:linux:ldconfig, p-cpe:/a:mandriva:linux:nscd

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 8/13/2002

Reference Information

CVE: CVE-2002-0651, CVE-2002-0684

MDKSA: 2002:050