The version of glibc installed on the remote host is prior to 2.26-57. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2371 advisory.

  - The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It     may use the notification thread attributes object (passed through its struct sigevent parameter) after it     has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified     other impact. (CVE-2021-33574)

  - In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles     certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was     introduced as a side effect of the CVE-2021-33574 fix. (CVE-2021-38604)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux 2 : glibc (ALAS-2023-2371)

critical Nessus Plugin ID 186573

Version 1.2