Detections
Analytics

Debian dla-3152 : glibc-doc - security update

critical Nessus Plugin ID 166426

Language:

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3152 advisory.

 ------------------------------------------------------------------------- Debian LTS Advisory DLA-3152-1 [email protected] https://www.debian.org/lts/security/ Helmut Grohne October 17, 2022 https://wiki.debian.org/LTS
 -------------------------------------------------------------------------

 Package : glibc Version : 2.28-10+deb10u2 CVE ID : CVE-2016-10228 CVE-2019-19126 CVE-2019-25013 CVE-2020-1752 CVE-2020-6096 CVE-2020-10029 CVE-2020-27618 CVE-2021-3326 CVE-2021-3999 CVE-2021-27645 CVE-2021-33574 CVE-2021-35942 CVE-2022-23218 CVE-2022-23219 Debian Bug : 856503 945250 953108 953788 961452 973914 979273 981198 983479 989147 990542

 This update fixes a wide range of vulnerabilities. A significant portion affects character set conversion.

 CVE-2016-10228

 The iconv program in the GNU C Library when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.

 CVE-2019-19126

 On the x86-64 architecture, the GNU C Library fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.

 CVE-2019-25013

 The iconv feature in the GNU C Library, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.

 CVE-2020-10029

 The GNU C Library could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.

 CVE-2020-1752

 A use-after-free vulnerability introduced in glibc was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution.

 CVE-2020-27618

 The iconv function in the GNU C Library, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.

 CVE-2020-6096

 An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.

 CVE-2021-27645

 The nameserver caching daemon (nscd) in the GNU C Library, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.

 CVE-2021-3326

 The iconv function in the GNU C Library, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

 CVE-2021-33574

 The mq_notify function in the GNU C Library has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.

 CVE-2021-35942

 The wordexp function in the GNU C Library may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.

 CVE-2021-3999

 An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

 CVE-2022-23218

 The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.

 CVE-2022-23219

 The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.


 For Debian 10 buster, these problems have been fixed in version 2.28-10+deb10u2.

 We recommend that you upgrade your glibc packages.

 For the detailed security status of glibc please refer to its security tracker page at:
 https://security-tracker.debian.org/tracker/glibc

 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Attachment:
 signature.asc Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the glibc-doc packages.

See Also

https://security-tracker.debian.org/tracker/source-package/glibc

https://security-tracker.debian.org/tracker/CVE-2016-10228

https://security-tracker.debian.org/tracker/CVE-2019-19126

https://security-tracker.debian.org/tracker/CVE-2019-25013

https://security-tracker.debian.org/tracker/CVE-2020-10029

https://security-tracker.debian.org/tracker/CVE-2020-1752

https://security-tracker.debian.org/tracker/CVE-2020-27618

https://security-tracker.debian.org/tracker/CVE-2020-6096

https://security-tracker.debian.org/tracker/CVE-2021-27645

https://security-tracker.debian.org/tracker/CVE-2021-3326

https://security-tracker.debian.org/tracker/CVE-2021-33574

https://security-tracker.debian.org/tracker/CVE-2021-35942

https://security-tracker.debian.org/tracker/CVE-2021-3999

https://security-tracker.debian.org/tracker/CVE-2022-23218

https://security-tracker.debian.org/tracker/CVE-2022-23219

https://packages.debian.org/source/buster/glibc

Plugin Details

Severity: Critical

ID: 166426

File Name: debian_DLA-3152.nasl

Version: 1.4

Type: local

Agent: unix

Published: 10/23/2022

Updated: 1/22/2025

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2022-23219

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:glibc-source, p-cpe:/a:debian:debian_linux:libc6-x32, p-cpe:/a:debian:debian_linux:glibc-doc, p-cpe:/a:debian:debian_linux:libc6-xen, p-cpe:/a:debian:debian_linux:libc6-dev-x32, p-cpe:/a:debian:debian_linux:libc6-i386, p-cpe:/a:debian:debian_linux:libc-dev-bin, p-cpe:/a:debian:debian_linux:libc6-pic, cpe:/o:debian:debian_linux:10.0, p-cpe:/a:debian:debian_linux:libc6-amd64, p-cpe:/a:debian:debian_linux:libc-l10n, p-cpe:/a:debian:debian_linux:libc6-dev-amd64, p-cpe:/a:debian:debian_linux:locales-all, p-cpe:/a:debian:debian_linux:nscd, p-cpe:/a:debian:debian_linux:libc6-dev-i386, p-cpe:/a:debian:debian_linux:locales, p-cpe:/a:debian:debian_linux:libc-bin, p-cpe:/a:debian:debian_linux:libc6, p-cpe:/a:debian:debian_linux:libc6-dbg, p-cpe:/a:debian:debian_linux:multiarch-support, p-cpe:/a:debian:debian_linux:libc6-dev

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/20/2022

Vulnerability Publication Date: 3/2/2017

Reference Information

CVE: CVE-2016-10228, CVE-2019-19126, CVE-2019-25013, CVE-2020-10029, CVE-2020-1752, CVE-2020-27618, CVE-2020-6096, CVE-2021-27645, CVE-2021-3326, CVE-2021-33574, CVE-2021-35942, CVE-2021-3999, CVE-2022-23218, CVE-2022-23219