Amazon Linux 2 : glibc (ALAS-2018-1131)

medium Nessus Plugin ID 119785

VPR Score: 6.7

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

A buffer overflow has been discovered in the GNU C Library (aka glibc or libc6) in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code. (CVE-2018-11237)

Solution

Run 'yum update glibc' to update your system.

See Also

https://alas.aws.amazon.com/AL2/ALAS-2018-1131.html

Plugin Details

Severity: Medium

ID: 119785

File Name: al2_ALAS-2018-1131.nasl

Version: 1.2

Type: local

Agent: unix

Published: 12/20/2018

Updated: 4/5/2019

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: Medium

VPR Score: 6.7

CVSS v2.0

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/19/2018

Reference Information

CVE: CVE-2018-11237

ALAS: 2018-1131