Detections
Analytics
RHEL 5 : glibc (RHSA-2013:0769)
high Nessus Plugin ID 66211
Language:
Synopsis
The remote Red Hat host is missing one or more security updates for glibc.Description
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0769 advisory.The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.
It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914)
A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash.
(CVE-2013-0242)
This update also fixes the following bugs:
* The improvements RHSA-2012:1207 made to the accuracy of floating point functions in the math library caused performance regressions for those functions. The performance regressions were analyzed and a fix was applied that retains the current accuracy but reduces the performance penalty to acceptable levels. Refer to Red Hat Knowledge solution 229993, linked to in the References, for further information. (BZ#950535)
* It was possible that a memory location freed by the localization code could be accessed immediately after, resulting in a crash. The fix ensures that the application does not crash by avoiding the invalid memory access.
(BZ#951493)
Users of glibc are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL glibc package based on the guidance in RHSA-2013:0769.See Also
http://www.nessus.org/u?1bf49a1c
https://rhn.redhat.com/errata/RHSA-2012-1207.html
https://access.redhat.com/site/solutions/229993
https://bugzilla.redhat.com/show_bug.cgi?id=905874
https://bugzilla.redhat.com/show_bug.cgi?id=947882
https://access.redhat.com/errata/RHSA-2013:0769
https://access.redhat.com/security/updates/classification/#low
Plugin Details
Severity: High
ID: 66211
File Name: redhat-RHSA-2013-0769.nasl
Version: 1.17
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 4/25/2013
Updated: 11/4/2024
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
Vendor
Vendor Severity: Low
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2013-1914
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:redhat:enterprise_linux:5, p-cpe:/a:redhat:enterprise_linux:glibc-headers, p-cpe:/a:redhat:enterprise_linux:glibc-utils, p-cpe:/a:redhat:enterprise_linux:glibc-common, p-cpe:/a:redhat:enterprise_linux:glibc-devel, p-cpe:/a:redhat:enterprise_linux:glibc, p-cpe:/a:redhat:enterprise_linux:nscd
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 4/24/2013
Reference Information
CVE: CVE-2013-0242, CVE-2013-1914
RHSA: 2013:0769