EulerOS Virtualization 2.5.0 : glibc (EulerOS-SA-2018-1344)

High Nessus Plugin ID 118432


The remote EulerOS Virtualization host is missing multiple security


According to the versions of the glibc packages installed, the
EulerOS Virtualization installation on the remote host is affected by
the following vulnerabilities:

- The nss_dns implementation of getnetbyname in GNU C
Library (aka glibc) before 2.21, when the DNS backend
in the Name Service Switch configuration is enabled,
allows remote attackers to cause a denial of service
(infinite loop) by sending a positive answer while a
network name is being processed. (CVE-2014-9402)

- A stack overflow vulnerability was found in
_nss_dns_getnetbyname_r. On systems with nsswitch
configured to include 'networks: dns' with a privileged
or network-facing service that would attempt to resolve
user-provided network names, an attacker could provide
an excessively long network name, resulting in stack
corruption and code execution. (CVE-2016-3075)

- stdlib/canonicalize.c in the GNU C Library (aka glibc
or libc6) 2.27 and earlier, when processing very long
pathname arguments to the realpath function, could
encounter an integer overflow on 32-bit architectures,
leading to a stack-based buffer overflow and,
potentially, arbitrary code execution. (CVE-2018-11236)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.


Update the affected glibc packages.

Plugin Details

Severity: High

ID: 118432

File Name: EulerOS_SA-2018-1344.nasl

Version: 1.2

Type: local

Published: 2018/10/26

Modified: 2018/11/13

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:glibc, p-cpe:/a:huawei:euleros:glibc-common, p-cpe:/a:huawei:euleros:glibc-devel, p-cpe:/a:huawei:euleros:glibc-headers, p-cpe:/a:huawei:euleros:nscd, cpe:/o:huawei:euleros:uvp:2.5.0

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2018/10/15

Reference Information

CVE: CVE-2014-9402, CVE-2016-3075, CVE-2018-11236

BID: 71670