Detections
Analytics
openSUSE Security Update : glibc (openSUSE-SU-2010:0913-1)
high Nessus Plugin ID 50373
Language:
Synopsis
The remote openSUSE host is missing a security update.Description
This update of glibc fixes various bugs and security issues :CVE-2010-3847: Decoding of the $ORIGIN special value in various LD_ environment variables allowed local attackers to execute code in context of e.g. setuid root programs, elevating privileges. This issue does not affect SUSE as an assertion triggers before the respective code is executed. The bug was fixed nevertheless.
CVE-2010-3856: The LD_AUDIT environment was not pruned during setuid root execution and could load shared libraries from standard system library paths. This could be used by local attackers to inject code into setuid root programs and so elevated privileges.
CVE-2010-0830: Integer overflow causing arbitrary code execution in ld.so
--verify mode could be induced by a specially crafted binary.
CVE-2010-0296: The addmntent() function would not escape the newline character properly, allowing the user to insert arbitrary newlines to the /etc/mtab; if the addmntent() is run by a setuid mount binary that does not do extra input checking, this would allow custom entries to be inserted in /etc/mtab.
CVE-2008-1391: The strfmon() function contains an integer overflow vulnerability in width specifiers handling that could be triggered by an attacker that can control the format string passed to strfmon().
Solution
Update the affected glibc packages.See Also
https://bugzilla.novell.com/show_bug.cgi?id=375315
https://bugzilla.novell.com/show_bug.cgi?id=572188
https://bugzilla.novell.com/show_bug.cgi?id=592941
https://bugzilla.novell.com/show_bug.cgi?id=594263
https://bugzilla.novell.com/show_bug.cgi?id=646960
https://lists.opensuse.org/opensuse-updates/2010-10/msg00040.html
Plugin Details
Severity: High
ID: 50373
File Name: suse_11_2_glibc-101027.nasl
Version: 1.12
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 10/28/2010
Updated: 1/14/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:glibc, p-cpe:/a:novell:opensuse:glibc-32bit, p-cpe:/a:novell:opensuse:glibc-devel, p-cpe:/a:novell:opensuse:glibc-devel-32bit, p-cpe:/a:novell:opensuse:glibc-html, p-cpe:/a:novell:opensuse:glibc-i18ndata, p-cpe:/a:novell:opensuse:glibc-info, p-cpe:/a:novell:opensuse:glibc-locale, p-cpe:/a:novell:opensuse:glibc-locale-32bit, p-cpe:/a:novell:opensuse:glibc-obsolete, p-cpe:/a:novell:opensuse:glibc-profile, p-cpe:/a:novell:opensuse:glibc-profile-32bit, p-cpe:/a:novell:opensuse:nscd, cpe:/o:novell:opensuse:11.2
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/27/2010
Exploitable With
CANVAS (CANVAS)
Core Impact
Metasploit (glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation)
Reference Information
CVE: CVE-2008-1391, CVE-2010-0296, CVE-2010-0830, CVE-2010-3847, CVE-2010-3856
CWE: 189