OracleVM 3.3 : glibc (OVMSA-2014-0033)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.

Synopsis :

The remote OracleVM host is missing one or more security updates.

Description :

The remote OracleVM system is missing necessary patches to address
critical security updates :

- Remove gconv transliteration loadable modules support
(CVE-2014-5119, - _nl_find_locale: Improve handling of
crafted locale names (CVE-2014-0475,

- Switch gettimeofday from INTUSE to libc_hidden_proto

- Fix stack overflow due to large AF_INET6 requests
(CVE-2013-4458, #1111460).

- Fix buffer overflow in readdir_r (CVE-2013-4237,

- Fix memory order when reading libgcc handle (#905941).

- Fix format specifier in malloc_info output (#1027261).

- Fix nscd lookup for innetgr when netgroup has wildcards

- Add mmap usage to malloc_info output (#1027261).

- Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer

- [ppc] Add VDSO IFUNC for gettimeofday (#1028285).

- [ppc] Fix ftime gettimeofday internal call returning
bogus data (#1099025).

- Also relocate in dependency order when doing symbol
dependency testing (#1019916).

- Fix infinite loop in nscd when netgroup is empty

- Provide correct buffer length to netgroup queries in
nscd (#1074342).

- Return NULL for wildcard values in getnetgrent from nscd

- Avoid overlapping addresses to stpcpy calls in nscd

- Initialize all of datahead structure in nscd (#1074353).

- Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN

- Do not fail if one of the two responses to AF_UNSPEC
fails (#845218).

- nscd: Make SELinux checks dynamic (#1025933).

- Fix race in free of fastbin chunk (#1027101).

- Fix copy relocations handling of unique objects

- Fix encoding name for IDN in getaddrinfo (#981942).

- Fix return code from getent netgroup when the netgroup
is not found (#1039988).

- Fix handling of static TLS in dlopen'ed objects

- Don't use alloca in addgetnetgrentX (#1043557).

- Adjust pointers to triplets in netgroup query data

See also :

Solution :

Update the affected glibc / glibc-common / nscd packages.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true

Family: OracleVM Local Security Checks

Nessus Plugin ID: 79548 ()

Bugtraq ID: 61729

CVE ID: CVE-2013-4237

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now