The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3152 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3152-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                        Helmut Grohne     October 17, 2022                              https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : glibc     Version        : 2.28-10+deb10u2     CVE ID         : CVE-2016-10228 CVE-2019-19126 CVE-2019-25013                      CVE-2020-1752 CVE-2020-6096 CVE-2020-10029                      CVE-2020-27618 CVE-2021-3326 CVE-2021-3999                      CVE-2021-27645 CVE-2021-33574 CVE-2021-35942                      CVE-2022-23218 CVE-2022-23219     Debian Bug     : 856503 945250 953108 953788 961452 973914 979273 981198                      983479 989147 990542

    This update fixes a wide range of vulnerabilities. A significant portion     affects character set conversion.

    CVE-2016-10228

        The iconv program in the GNU C Library when invoked with multiple         suffixes in the destination encoding (TRANSLATE or IGNORE) along with         the -c option, enters an infinite loop when processing invalid         multi-byte input sequences, leading to a denial of service.

    CVE-2019-19126

        On the x86-64 architecture, the GNU C Library fails to ignore the         LD_PREFER_MAP_32BIT_EXEC environment variable during program         execution after a security transition, allowing local attackers to         restrict the possible mapping addresses for loaded libraries and         thus bypass ASLR for a setuid program.

    CVE-2019-25013

        The iconv feature in the GNU C Library, when processing invalid         multi-byte input sequences in the EUC-KR encoding, may have a buffer         over-read.

    CVE-2020-10029

        The GNU C Library could overflow an on-stack buffer during range         reduction if an input to an 80-bit long double function contains a         non-canonical bit pattern, a seen when passing a         0x5d414141414141410000 value to sinl on x86 targets. This is related         to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.

    CVE-2020-1752

        A use-after-free vulnerability introduced in glibc was found in the         way the tilde expansion was carried out. Directory paths containing         an initial tilde followed by a valid username were affected by this         issue. A local attacker could exploit this flaw by creating a         specially crafted path that, when processed by the glob function,         would potentially lead to arbitrary code execution.

    CVE-2020-27618

        The iconv function in the GNU C Library, when processing invalid         multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390,         and IBM1399 encodings, fails to advance the input state, which could         lead to an infinite loop in applications, resulting in a denial of         service, a different vulnerability from CVE-2016-10228.

    CVE-2020-6096

        An exploitable signed comparison vulnerability exists in the ARMv7         memcpy() implementation of GNU glibc. Calling memcpy() (on ARMv7         targets that utilize the GNU glibc implementation) with a negative         value for the 'num' parameter results in a signed comparison         vulnerability. If an attacker underflows the 'num' parameter to         memcpy(), this vulnerability could lead to undefined behavior such as         writing to out-of-bounds memory and potentially remote code         execution.  Furthermore, this memcpy() implementation allows for         program execution to continue in scenarios where a segmentation fault         or crash should have occurred. The dangers occur in that subsequent         execution and iterations of this code will be executed with this         corrupted data.

    CVE-2021-27645

        The nameserver caching daemon (nscd) in the GNU C Library, when         processing a request for netgroup lookup, may crash due to a         double-free, potentially resulting in degraded service or Denial of         Service on the local system. This is related to netgroupcache.c.

    CVE-2021-3326

        The iconv function in the GNU C Library, when processing invalid         input sequences in the ISO-2022-JP-3 encoding, fails an assertion in         the code path and aborts the program, potentially resulting in a         denial of service.

    CVE-2021-33574

        The mq_notify function in the GNU C Library has a use-after-free. It         may use the notification thread attributes object (passed through         its struct sigevent parameter) after it has been freed by the caller,         leading to a denial of service (application crash) or possibly         unspecified other impact.

    CVE-2021-35942

        The wordexp function in the GNU C Library may crash or read arbitrary         memory in parse_param (in posix/wordexp.c) when called with an         untrusted, crafted pattern, potentially resulting in a denial of         service or disclosure of information. This occurs because atoi was         used but strtoul should have been used to ensure correct calculations.

    CVE-2021-3999

        An off-by-one buffer overflow and underflow in getcwd() may lead to         memory corruption when the size of the buffer is exactly 1. A local         attacker who can control the input buffer and size passed to getcwd()         in a setuid program could use this flaw to potentially execute         arbitrary code and escalate their privileges on the system.

    CVE-2022-23218

        The deprecated compatibility function svcunix_create in the sunrpc         module of the GNU C Library copies its path argument on the stack         without validating its length, which may result in a buffer overflow,         potentially resulting in a denial of service or (if an application         is not built with a stack protector enabled) arbitrary code execution.

    CVE-2022-23219

        The deprecated compatibility function clnt_create in the sunrpc module         of the GNU C Library copies its hostname argument on the stack without         validating its length, which may result in a buffer overflow,         potentially resulting in a denial of service or (if an application is         not built with a stack protector enabled) arbitrary code execution.


    For Debian 10 buster, these problems have been fixed in version     2.28-10+deb10u2.

    We recommend that you upgrade your glibc packages.

    For the detailed security status of glibc please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/glibc

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian dla-3152 : glibc-doc - security update

critical Nessus Plugin ID 166426

Version 1.4

Version 1.3

Version 1.2

Version 1.4 Jan 22, 2025, 5:44 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202501221744
Version 1.3 Oct 9, 2023, 5:00 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202310091700
Version 1.2 Oct 23, 2022, 9:48 PM New Plugin Feed: 202210232148