http://openwall.com/lists/oss-security/2017/03/01/10

96525

[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar

GLSA-202101-20

https://sourceware.org/bugzilla/show_bug.cgi?id=19519

https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21

https://sourceware.org/bugzilla/show_bug.cgi?id=26224

The version of glibc installed on the remote host is prior to 2.26-41. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1605 advisory.

  - The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple     suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite     loop when processing invalid multi-byte input sequences, leading to a denial of service. (CVE-2016-10228)

  - The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-     byte input sequences in the EUC-KR encoding, may have a buffer over-read. (CVE-2019-25013)

  - The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text     containing an irreversible character, fails an assertion in the code path and aborts the program,     potentially resulting in a denial of service. (CVE-2020-29562)

  - An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc     2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative     value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the     'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-     of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows     for program execution to continue in scenarios where a segmentation fault or crash should have occurred.
    The dangers occur in that subsequent execution and iterations of this code will be executed with this     corrupted data. (CVE-2020-6096)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202101-20 (glibc: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in glibc. Please review       the CVE identifiers referenced below for details.
  Impact :

    Please review the referenced CVE identifiers for details.
  Workaround :

    There is no known workaround at this time.

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-6e581c051a advisory.

  - The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple     suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite     loop when processing invalid multi-byte input sequences, leading to a denial of service. (CVE-2016-10228)

  - The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-     byte input sequences in the EUC-KR encoding, may have a buffer over-read. (CVE-2019-25013)

  - An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc     2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative     value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the     'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-     of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows     for program execution to continue in scenarios where a segmentation fault or crash should have occurred.
    The dangers occur in that subsequent execution and iterations of this code will be executed with this     corrupted data. (CVE-2020-6096)

  - The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text     containing an irreversible character, fails an assertion in the code path and aborts the program,     potentially resulting in a denial of service. (CVE-2020-29562)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Stack-based buffer overflow in the clntudp_call     function in sunrpc/clnt_udp.c in the GNU C Library (aka     glibc or libc6) allows remote servers to cause a denial     of service (crash) or possibly unspecified other impact     via a flood of crafted ICMP and UDP     packets.(CVE-2016-4429)

  - Integer overflow in the strxfrm function in the GNU C     Library (aka glibc or libc6) before 2.21 allows     context-dependent attackers to cause a denial of     service (crash) or possibly execute arbitrary code via     a long string, which triggers a stack-based buffer     overflow.(CVE-2015-8982)

  - The posix_spawn_file_actions_addopen function in glibc     before 2.20 does not copy its path argument in     accordance with the POSIX specification, which allows     context-dependent attackers to trigger use-after-free     vulnerabilities.(CVE-2014-4043)

  - res_query in libresolv in glibc before 2.25 allows     remote attackers to cause a denial of service (NULL     pointer dereference and process crash).(CVE-2015-5180)

  - A buffer overflow has been discovered in the GNU C     Library (aka glibc or libc6) in the
    __mempcpy_avx512_no_vzeroupper function when particular     conditions are met. An attacker could use this     vulnerability to cause a denial of service or     potentially execute code.(CVE-2018-11237)

  - In the GNU C Library (aka glibc or libc6) through 2.29,     proceed_next_node in posix/regexec.c has a heap-based     buffer over-read via an attempted case-insensitive     regular-expression match.(CVE-2019-9169)

  - The iconv program in the GNU C Library (aka glibc or     libc6) 2.25 and earlier, when invoked with the -c     option, enters an infinite loop when processing invalid     multi-byte input sequences, leading to a denial of     service.(CVE-2016-10228)

  - The DNS stub resolver in the GNU C Library (aka glibc     or libc6) before version 2.26, when EDNS support is     enabled, will solicit large UDP responses from name     servers, potentially simplifying off-path DNS spoofing     attacks due to IP fragmentation.(CVE-2017-12132)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the glibc packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :

  - The iconv program in the GNU C Library (aka glibc or     libc6) 2.25 and earlier, when invoked with the -c     option, enters an infinite loop when processing invalid     multi-byte input sequences, leading to a denial of     service.(CVE-2016-10228)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - The iconv program in the GNU C Library (aka glibc or     libc6) 2.25 and earlier, when invoked with the -c     option, enters an infinite loop when processing invalid     multi-byte input sequences, leading to a denial of     service.(CVE-2016-10228)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
146627	Amazon Linux 2 : glibc (ALAS-2021-1605)	Nessus	Amazon Linux Local Security Checks	medium
145333	GLSA-202101-20 : glibc: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
145196	Fedora 32 : glibc (2021-6e581c051a)	Nessus	Fedora Local Security Checks	medium
129223	EulerOS 2.0 SP3 : glibc (EulerOS-SA-2019-2030)	Nessus	Huawei Local Security Checks	high
126545	EulerOS Virtualization for ARM 64 3.0.2.0 : glibc (EulerOS-SA-2019-1703)	Nessus	Huawei Local Security Checks	medium
126275	EulerOS 2.0 SP8 : glibc (EulerOS-SA-2019-1648)	Nessus	Huawei Local Security Checks	medium

CVE-2016-10228

MEDIUM

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins

medium

medium

medium

high

medium

medium