FEDORA-2017-270ab2baa3

https://sourceware.org/bugzilla/show_bug.cgi?id=21115

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d42eed4a044e5e10dfb885cf9891c2518a72a491

USN-4416-1

100679

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - GNU Libc current is affected by: Re-mapping current     loaded library with malicious ELF file. The impact is:
    In worst case attacker may evaluate privileges. The     component is: libld. The attack vector is: Attacker     sends 2 ELF files to victim and asks to run ldd on it.
    ldd execute code. NOTE: Upstream comments indicate     'this is being treated as a non-security bug and no     real threat.'(CVE-2019-1010023)

  - Stack-based buffer overflow in the getaddrinfo function     in sysdeps/posix/getaddrinfo.c in the GNU C Library     (aka glibc or libc6) allows remote attackers to cause a     denial of service (crash) via vectors involving hostent     conversion. NOTE: this vulnerability exists because of     an incomplete fix for CVE-2013-4458.(CVE-2016-3706)

  - The iconv feature in the GNU C Library (aka glibc or     libc6) through 2.32, when processing invalid multi-byte     input sequences in the EUC-KR encoding, may have a     buffer over-read.(CVE-2019-25013)

  - The iconv function in the GNU C Library (aka glibc or     libc6) 2.32 and earlier, when processing invalid input     sequences in the ISO-2022-JP-3 encoding, fails an     assertion in the code path and aborts the program,     potentially resulting in a denial of     service.(CVE-2021-3326)

  - The iconv function in the GNU C Library (aka glibc or     libc6) 2.32 and earlier, when processing invalid     multi-byte input sequences in IBM1364, IBM1371,     IBM1388, IBM1390, and IBM1399 encodings, fails to     advance the input state, which could lead to an     infinite loop in applications, resulting in a denial of     service, a different vulnerability from     CVE-2016-10228.(CVE-2020-27618)

  - The makecontext function in the GNU C Library (aka     glibc or libc6) before 2.25 creates execution contexts     incompatible with the unwinder on ARM EABI (32-bit)     platforms, which might allow context-dependent     attackers to cause a denial of service (hang), as     demonstrated by applications compiled using gccgo,     related to backtrace generation.(CVE-2016-6323)

  - Use-after-free vulnerability in the clntudp_call     function in sunrpc/clnt_udp.c in the GNU C Library (aka     glibc or libc6) before 2.26 allows remote attackers to     have unspecified impact via vectors related to error     path.(CVE-2017-12133)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Florian Weimer discovered that the GNU C Library incorrectly handled certain memory operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-12133) It was discovered that the GNU C Library incorrectly handled certain SSE2-optimized memmove operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-18269) It was discovered that the GNU C Library incorrectly handled certain pathname operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11236) It was discovered that the GNU C Library incorrectly handled certain AVX-512-optimized mempcpy operations. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11237) It was discovered that the GNU C Library incorrectly handled certain hostname loookups. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS.
(CVE-2018-19591) Jakub Wilk discovered that the GNU C Library incorrectly handled certain memalign functions. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-6485) It was discovered that the GNU C Library incorrectly ignored the LD_PREFER_MAP_32BIT_EXEC environment variable after security transitions. A local attacker could use this issue to bypass ASLR restrictions. (CVE-2019-19126) It was discovered that the GNU C Library incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service.
This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2019-9169) It was discovered that the GNU C Library incorrectly handled certain bit patterns. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-10029) It was discovered that the GNU C Library incorrectly handled certain signal trampolines on PowerPC. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-1751) It was discovered that the GNU C Library incorrectly handled tilde expansion. A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-1752).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - In the GNU C Library (aka glibc or libc6) through 2.28,     the getaddrinfo function would successfully parse a     string that contained an IPv4 address followed by     whitespace and arbitrary characters, which could lead     applications to incorrectly assume that it had parsed a     valid string, without the possibility of embedded HTTP     headers or other potentially dangerous     substrings.(CVE-2016-10739)

  - Stack-based buffer overflow in the glob implementation     in GNU C Library (aka glibc) before 2.24, when     GLOB_ALTDIRFUNC is used, allows context-dependent     attackers to cause a denial of service (crash) via a     long name.(CVE-2016-1234)

  - Use-after-free vulnerability in the clntudp_call     function in sunrpc/clnt_udp.c in the GNU C Library (aka     glibc or libc6) before 2.26 allows remote attackers to     have unspecified impact via vectors related to error     path.(CVE-2017-12133)

  - In the GNU C Library (aka glibc or libc6) through 2.29,     check_dst_limits_calc_pos_1 in posix/regexec.c has     Uncontrolled Recursion, as demonstrated by     '(\227|)(\\1\\1|t1|\\\2537)+' in grep.(CVE-2018-20796)

  - ** DISPUTED ** In the GNU C Library (aka glibc or     libc6) through 2.29, check_dst_limits_calc_pos_1 in     posix/regexec.c has Uncontrolled Recursion, as     demonstrated by '(|)(\\1\\1)*' in grep, a different     issue than CVE-2018-20796. NOTE: the software     maintainer disputes that this is a vulnerability     because the behavior occurs only with a crafted     pattern.(CVE-2019-9192)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Use-after-free vulnerability in the clntudp_call     function in sunrpc/clnt_udp.c in the GNU C Library (aka     glibc or libc6) before 2.26 allows remote attackers to     have unspecified impact via vectors related to error     path.(CVE-2017-12133)

  - In the GNU C Library (aka glibc or libc6) through 2.28,     the getaddrinfo function would successfully parse a     string that contained an IPv4 address followed by     whitespace and arbitrary characters, which could lead     applications to incorrectly assume that it had parsed a     valid string, without the possibility of embedded HTTP     headers or other potentially dangerous     substrings.(CVE-2016-10739)

  - An AVX-512-optimized implementation of the mempcpy     function in the GNU C Library (aka glibc or libc6) 2.27     and earlier may write data beyond the target buffer,     leading to a buffer overflow in
    __mempcpy_avx512_no_vzeroupper.(CVE-2018-11237)

  - res_query in libresolv in glibc before 2.25 allows     remote attackers to cause a denial of service (NULL     pointer dereference and process crash).(CVE-2015-5180)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - In the GNU C Library (aka glibc or libc6) through 2.28,     the getaddrinfo function would successfully parse a     string that contained an IPv4 address followed by     whitespace and arbitrary characters, which could lead     applications to incorrectly assume that it had parsed a     valid string, without the possibility of embedded HTTP     headers or other potentially dangerous     substrings.(CVE-2016-10739)

  - Use-after-free vulnerability in the clntudp_call     function in sunrpc/clnt_udp.c in the GNU C Library (aka     glibc or libc6) before 2.26 allows remote attackers to     have unspecified impact via vectors related to error     path.(CVE-2017-12133)

  - Stack-based buffer overflow in the glob implementation     in GNU C Library (aka glibc) before 2.24, when     GLOB_ALTDIRFUNC is used, allows context-dependent     attackers to cause a denial of service (crash) via a     long name.(CVE-2016-1234)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of the glibc package has been released.

An update of [openjdk,openjre,bash,libtar,glibc,libgcrypt,strongswan,unzip] packages for PhotonOS has been released.

This update for glibc fixes the following issues: Security issues fixed :

  - CVE-2017-12133: Avoid use-after-free read access in     clntudp_call (bsc#1081556) Non security issue fixed :

  - Fix incorrect getaddrinfo assertion trigger     (bsc#1076871)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for glibc fixes the following issues :

  - CVE-2017-12133: Avoid use-after-free read access in     clntudp_call (bsc#1081556)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

This update for glibc fixes the following issues :

  - CVE-2017-12133: Avoid use-after-free read access in     clntudp_call (bsc#1081556)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update fixes a minor security vulnerability in the Sun RPC client (CVE-2017-12133).

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
149140	EulerOS 2.0 SP3 : glibc (EulerOS-SA-2021-1790)	Nessus	Huawei Local Security Checks	high
138166	Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : GNU C Library vulnerabilities (USN-4416-1)	Nessus	Ubuntu Local Security Checks	critical
135640	EulerOS Virtualization 3.0.2.2 : glibc (EulerOS-SA-2020-1478)	Nessus	Huawei Local Security Checks	medium
131629	EulerOS 2.0 SP2 : glibc (EulerOS-SA-2019-2476)	Nessus	Huawei Local Security Checks	high
130864	EulerOS 2.0 SP5 : glibc (EulerOS-SA-2019-2155)	Nessus	Huawei Local Security Checks	medium
121742	Photon OS 1.0: Glibc PHSA-2017-0040	Nessus	PhotonOS Local Security Checks	high
111889	Photon OS 1.0: Bash / Glibc / Libgcrypt / Libtar / Openjdk / Openjre / Strongswan / Unzip PHSA-2017-0040 (deprecated)	Nessus	PhotonOS Local Security Checks	critical
108871	SUSE SLES11 Security Update : glibc (SUSE-SU-2018:0874-1)	Nessus	SuSE Local Security Checks	medium
108272	openSUSE Security Update : glibc (openSUSE-2018-250)	Nessus	SuSE Local Security Checks	medium
107292	SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2018:0655-1)	Nessus	SuSE Local Security Checks	medium
102933	Fedora 25 : glibc (2017-270ab2baa3)	Nessus	Fedora Local Security Checks	medium

CVE-2017-12133

MEDIUM

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

critical

medium

high

medium

high

critical

medium

medium

medium

medium