RHEL 2.1 : glibc (RHSA-2003:022)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated glibc packages are available to fix a buffer overflow in the
resolver.

The GNU C library package, glibc, contains standard libraries used by
multiple programs on the system.

A read buffer overflow vulnerability exists in the glibc resolver code
in versions of glibc up to and including 2.2.5. The vulnerability is
triggered by DNS packets larger than 1024 bytes and can cause
applications to crash.

In addition, several non-security-related bugs have been fixed, the
majority of them for the Itanium (IA64) platform.

All Red Hat Linux Advanced Server users are advised to upgrade to
these errata packages, which contain a patch to correct this
vulnerability.

See also :

https://www.redhat.com/security/data/cve/CVE-2002-1146.html
http://rhn.redhat.com/errata/RHSA-2003-022.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12354

Bugtraq ID:

CVE ID: CVE-2002-1146