CVE-2014-0475medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.
References
http://linux.oracle.com/errata/ELSA-2015-0092.html
http://www.debian.org/security/2014/dsa-2976
http://www.mandriva.com/security/advisories?name=MDVSA-2014:152
http://www.openwall.com/lists/oss-security/2014/07/10/7
http://www.openwall.com/lists/oss-security/2014/07/14/6
http://www.securityfocus.com/bid/68505
http://www.securitytracker.com/id/1030569
https://rhn.redhat.com/errata/RHSA-2014-1110.html
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:2.18:*:*:*:*:*:*:*
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* versions up to 2.19 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 125005 | EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1552) | Nessus | Huawei Local Security Checks | critical |
| 88822 | GLSA-201602-02 : GNU C Library: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 83705 | SUSE SLES11 Security Update : glibc (SUSE-SU-2015:0551-1) | Nessus | SuSE Local Security Checks | high |
| 83704 | SUSE SLES10 Security Update : glibc (SUSE-SU-2015:0550-1) | Nessus | SuSE Local Security Checks | high |
| 82421 | Mandriva Linux Security Advisory : glibc (MDVSA-2015:168) | Nessus | Mandriva Local Security Checks | high |
| 82190 | Debian DLA-43-1 : eglibc security update | Nessus | Debian Local Security Checks | high |
| 81119 | OracleVM 2.2 : glibc (OVMSA-2015-0024) (GHOST) | Nessus | OracleVM Local Security Checks | high |
| 81118 | OracleVM 3.2 : glibc (OVMSA-2015-0023) (GHOST) | Nessus | OracleVM Local Security Checks | high |
| 79548 | OracleVM 3.3 : glibc (OVMSA-2014-0033) | Nessus | OracleVM Local Security Checks | high |
| 79539 | OracleVM 3.3 : glibc (OVMSA-2014-0017) | Nessus | OracleVM Local Security Checks | high |
| 78656 | Slackware 14.1 / current : glibc (SSA:2014-296-01) | Nessus | Slackware Local Security Checks | high |
| 78583 | Fedora 19 : glibc-2.17-21.fc19 (2014-9830) | Nessus | Fedora Local Security Checks | high |
| 78343 | Amazon Linux AMI : glibc (ALAS-2014-400) | Nessus | Amazon Linux Local Security Checks | medium |
| 77659 | openSUSE Security Update : glibc (openSUSE-SU-2014:1115-1) | Nessus | SuSE Local Security Checks | high |
| 77568 | Ubuntu 10.04 LTS : eglibc regression (USN-2306-3) | Nessus | Ubuntu Local Security Checks | high |
| 77465 | Scientific Linux Security Update : glibc on SL5.x, SL6.x i386/x86_64 (20140829) | Nessus | Scientific Linux Local Security Checks | high |
| 77464 | RHEL 5 / 6 / 7 : glibc (RHSA-2014:1110) | Nessus | Red Hat Local Security Checks | high |
| 77463 | Oracle Linux 5 / 6 / 7 : glibc (ELSA-2014-1110) | Nessus | Oracle Linux Local Security Checks | high |
| 77439 | CentOS 5 / 6 / 7 : glibc (CESA-2014:1110) | Nessus | CentOS Local Security Checks | high |
| 77436 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : eglibc vulnerability (USN-2328-1) | Nessus | Ubuntu Local Security Checks | high |
| 77430 | Fedora 20 : glibc-2.18-14.fc20 (2014-9824) | Nessus | Fedora Local Security Checks | high |
| 77229 | SuSE 11.3 Security Update : glibc (SAT Patch Number 9587) | Nessus | SuSE Local Security Checks | medium |
| 77040 | Mandriva Linux Security Advisory : glibc (MDVSA-2014:152) | Nessus | Mandriva Local Security Checks | high |
| 77019 | Ubuntu 10.04 LTS : eglibc regression (USN-2306-2) | Nessus | Ubuntu Local Security Checks | high |
| 76999 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : eglibc vulnerabilities (USN-2306-1) | Nessus | Ubuntu Local Security Checks | high |
| 76465 | Debian DSA-2976-1 : eglibc - security update | Nessus | Debian Local Security Checks | medium |