CVE-2014-4043high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.
References
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00012.html
http://seclists.org/fulldisclosure/2019/Jun/18
http://seclists.org/fulldisclosure/2019/Sep/7
http://www.mandriva.com/security/advisories?name=MDVSA-2014:152
http://www.securityfocus.com/bid/68006
https://bugzilla.redhat.com/show_bug.cgi?id=1109263
https://exchange.xforce.ibmcloud.com/vulnerabilities/93784
https://seclists.org/bugtraq/2019/Jun/14
https://seclists.org/bugtraq/2019/Sep/7
https://security.gentoo.org/glsa/201503-04
https://sourceware.org/bugzilla/show_bug.cgi?id=17048
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=89e435f3559c53084498e9baad22172b64429362
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* versions up to 2.19 (inclusive)
Configuration 2
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 129223 | EulerOS 2.0 SP3 : glibc (EulerOS-SA-2019-2030) | Nessus | Huawei Local Security Checks | critical |
| 126849 | EulerOS 2.0 SP2 : glibc (EulerOS-SA-2019-1721) | Nessus | Huawei Local Security Checks | critical |
| 126294 | EulerOS 2.0 SP5 : glibc (EulerOS-SA-2019-1667) | Nessus | Huawei Local Security Checks | high |
| 85433 | openSUSE Security Update : glibc (openSUSE-2015-544) | Nessus | SuSE Local Security Checks | high |
| 83675 | SUSE SLES10 Security Update : glibc (SUSE-SU-2015:0170-1) | Nessus | SuSE Local Security Checks | high |
| 83674 | SUSE SLES11 Security Update : glibc (SUSE-SU-2015:0167-1) | Nessus | SuSE Local Security Checks | high |
| 83638 | SUSE SLES10 Security Update : glibc (SUSE-SU-2014:1128-1) | Nessus | SuSE Local Security Checks | high |
| 83637 | SUSE SLES11 Security Update : glibc (SUSE-SU-2014:1122-1) | Nessus | SuSE Local Security Checks | high |
| 82421 | Mandriva Linux Security Advisory : glibc (MDVSA-2015:168) | Nessus | Mandriva Local Security Checks | high |
| 82149 | Debian DLA-165-1 : eglibc security update | Nessus | Debian Local Security Checks | high |
| 81689 | GLSA-201503-04 : GNU C Library: Multiple vulnerabilities (GHOST) | Nessus | Gentoo Local Security Checks | high |
| 81448 | Debian DSA-3169-1 : eglibc - security update | Nessus | Debian Local Security Checks | high |
| 78656 | Slackware 14.1 / current : glibc (SSA:2014-296-01) | Nessus | Slackware Local Security Checks | high |
| 77568 | Ubuntu 10.04 LTS : eglibc regression (USN-2306-3) | Nessus | Ubuntu Local Security Checks | high |
| 77040 | Mandriva Linux Security Advisory : glibc (MDVSA-2014:152) | Nessus | Mandriva Local Security Checks | high |
| 77019 | Ubuntu 10.04 LTS : eglibc regression (USN-2306-2) | Nessus | Ubuntu Local Security Checks | high |
| 76999 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : eglibc vulnerabilities (USN-2306-1) | Nessus | Ubuntu Local Security Checks | high |
| 76604 | SuSE 11.3 Security Update : glibc (SAT Patch Number 9477) | Nessus | SuSE Local Security Checks | high |