openSUSE Security Update : glibc (openSUSE-SU-2010:0914-1)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update of glibc fixes various bugs and security issues :

CVE-2010-3847: Decoding of the $ORIGIN special value in various LD_
environment variables allowed local attackers to execute code in
context of e.g. setuid root programs, elevating privileges. This issue
does not affect SUSE as an assertion triggers before the respective
code is executed. The bug was fixed nevertheless.

CVE-2010-3856: The LD_AUDIT environment was not pruned during setuid
root execution and could load shared libraries from standard system
library paths. This could be used by local attackers to inject code
into setuid root programs and so elevated privileges.

CVE-2010-0830: Integer overflow causing arbitrary code execution in
ld.so

--verify mode could be induced by a specially crafted binary.

CVE-2010-0296: The addmntent() function would not escape the newline
character properly, allowing the user to insert arbitrary newlines to
the /etc/mtab; if the addmntent() is run by a setuid mount binary that
does not do extra input checking, this would allow custom entries to
be inserted in /etc/mtab.

CVE-2008-1391: The strfmon() function contains an integer overflow
vulnerability in width specifiers handling that could be triggered by
an attacker that can control the format string passed to strfmon().

CVE-2010-0015: Some setups (mainly Solaris-based legacy setups)
include shadow information (password hashes) as so-called 'adjunct
passwd' table, mangling it with the rest of passwd columns instead of
keeping it in the shadow table. Normally, Solaris will disclose this
information only to clients bound to a priviledged port, but when nscd
is deployed on the client, getpwnam() would disclose the password
hashes to all users. New mode 'adjunct as shadow' can now be enabled
in /etc/default/nss that will move the password hashes from the
world-readable passwd table to emulated shadow table (that is not
cached by nscd).

Some invalid behaviour, crashes and memory leaks were fixed :

- statfs64() would not function properly on IA64 in ia32el
emulation mode.

- memcpy() and memset() on power6 would erroneously use a
64-bit instruction within 32-bit code in certain corner
cases.

- nscd would not load /etc/host.conf properly before
performing host resolution - most importantly, `multi
on` in /etc/host.conf would be ignored when nscd was
used, breaking e.g. resolving records in /etc/hosts
where single name would point at multiple addresses

- Removed mapping from lowercase sharp s to uppercase
sharp S; uppercase S is not a standardly used letter and
causes problems for ISO encodings.

Some other minor issues were fixed :

- glibc-locale now better coexists with sap-locale on
upgrades by regenerating the locale/gconv indexes
properly.

- Ports 623 and 664 may not be allocated by RPC code
automatically anymore since that may clash with ports
used on some IPMI network cards.

- On x86_64, backtrace of a static destructor would stop
in the _fini() glibc pseudo-routine, making it difficult
to find out what originally triggered the program
termination. The routine now has unwind information
attached.

See also :

http://lists.opensuse.org/opensuse-updates/2010-10/msg00041.html
https://bugzilla.novell.com/show_bug.cgi?id=375315
https://bugzilla.novell.com/show_bug.cgi?id=445636
https://bugzilla.novell.com/show_bug.cgi?id=513961
https://bugzilla.novell.com/show_bug.cgi?id=534828
https://bugzilla.novell.com/show_bug.cgi?id=537315
https://bugzilla.novell.com/show_bug.cgi?id=538067
https://bugzilla.novell.com/show_bug.cgi?id=541773
https://bugzilla.novell.com/show_bug.cgi?id=569091
https://bugzilla.novell.com/show_bug.cgi?id=572188
https://bugzilla.novell.com/show_bug.cgi?id=585879
https://bugzilla.novell.com/show_bug.cgi?id=592941
https://bugzilla.novell.com/show_bug.cgi?id=594263
https://bugzilla.novell.com/show_bug.cgi?id=615556
https://bugzilla.novell.com/show_bug.cgi?id=646960

Solution :

Update the affected glibc packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 50367 ()

Bugtraq ID:

CVE ID: CVE-2008-1391
CVE-2010-0015
CVE-2010-0296
CVE-2010-0830
CVE-2010-3847
CVE-2010-3856

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now