This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
Multiple integer overflow flaws, leading to heap-based buffer
overflows, were found in glibc's memory allocator functions (pvalloc,
valloc, and memalign). If an application used such a function, it
could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running the
A flaw was found in the regular expression matching routines that
process multibyte character input. If an application utilized the
glibc regular expression matching mechanism, an attacker could provide
specially crafted input that, when processed, would cause the
application to crash. (CVE-2013-0242)
It was found that getaddrinfo() did not limit the amount of stack
memory used during name resolution. An attacker able to make an
application resolve an attacker-controlled hostname or IP address
could possibly cause the application to exhaust all stack memory and
Among other changes, this update includes an important fix for the
following bug :
- Due to a defect in the initial release of the
getaddrinfo() system call in Scientific Linux 6.0,
AF_INET and AF_INET6 queries resolved from the
/etc/hosts file returned queried names as canonical
names. This incorrect behavior is, however, still
considered to be the expected behavior. As a result of a
recent change in getaddrinfo(), AF_INET6 queries started
resolving the canonical names correctly. However, this
behavior was unexpected by applications that relied on
queries resolved from the /etc/hosts file, and these
applications could thus fail to operate properly. This
update applies a fix ensuring that AF_INET6 queries
resolved from /etc/hosts always return the queried name
as canonical. Note that DNS lookups are resolved
properly and always return the correct canonical names.
A proper fix to AF_INET6 queries resolution from
/etc/hosts may be applied in future releases
due to a lack of standard, Red Hat suggests the first
entry in the /etc/hosts file, that applies for the IP
address being resolved, to be considered the canonical
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 71193 ()
CVE ID: CVE-2013-0242CVE-2013-1914CVE-2013-4332
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.