The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:5476 advisory.

    The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard     math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system.
    Without these libraries, the Linux system cannot function correctly.

    Security Fix(es):

    * glibc: buffer overflow in ld.so leading to privilege escalation (CVE-2023-4911)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 : glibc (RHSA-2023:5476)

high Nessus Plugin ID 182621

Version 1.7

Version 1.6

Version 1.5

Version 1.4

Version 1.4

Version 1.3

Version 1.3

Version 1.2

Version 1.2

Version 1.1

Version 1.0

Version 1.7 Nov 7, 2024, 2:36 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202411071436
Version 1.6 Apr 28, 2024, 2:25 PM Detection (updated detection logic) Plugin metadata Plugin Feed: 202404281425
Version 1.5 Jan 29, 2024, 4:10 PM Exploit attributes ("Exploit framework core" set to "True") Plugin Feed: 202401291610
Version 1.4 Jan 26, 2024, 11:18 PM Detection (updated detection logic) Plugin metadata Plugin Feed: 202401262318
Version 1.4 Jan 29, 2024, 2:15 PM Exploit attributes ("Exploit framework core" set to "True") Plugin Feed: 202401291415
Version 1.3 Dec 22, 2023, 3:04 PM Exploit attributes ("Exploit framework metasploit" set to "True") Plugin Feed: 202312221504
Version 1.3 Jan 26, 2024, 9:00 PM Detection (updated detection logic) Plugin metadata Plugin Feed: 202401262100
Version 1.2 Nov 21, 2023, 6:18 PM CISA reference Plugin Feed: 202311211818
Version 1.2 Dec 22, 2023, 1:07 PM Exploit attributes ("Exploit framework metasploit" set to "True") Plugin Feed: 202312221307
Version 1.1 Nov 1, 2023, 1:41 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:H/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:H/RL:O/RC:C") Exploit attributes ("Exploited by malware" set to "True") Plugin Feed: 202311011341
Version 1.0 Oct 6, 2023, 4:01 AM New Plugin Feed: 202310060401