EulerOS Virtualization for ARM 64 3.0.1.0 : glibc (EulerOS-SA-2019-1386)

high Nessus Plugin ID 124889
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote EulerOS Virtualization for ARM 64 host is missing multiple security updates.

Description

According to the versions of the glibc packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

- stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.(CVE-2018-11236)

- An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in
__mempcpy_avx512_no_vzeroupper.(CVE-2018-11237)

- elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the './' directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon most likely, no such program is shipped with any common Linux distribution.(CVE-2017-16997)

- A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.(CVE-2015-0235)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected glibc packages.

See Also

http://www.nessus.org/u?b355490c

Plugin Details

Severity: High

ID: 124889

File Name: EulerOS_SA-2019-1386.nasl

Version: 1.9

Type: local

Published: 5/14/2019

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

CVSS Score Source: CVE-2015-0235

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:glibc, p-cpe:/a:huawei:euleros:glibc-all-langpacks, p-cpe:/a:huawei:euleros:glibc-common, p-cpe:/a:huawei:euleros:glibc-devel, p-cpe:/a:huawei:euleros:glibc-headers, p-cpe:/a:huawei:euleros:libnsl, p-cpe:/a:huawei:euleros:nscd, cpe:/o:huawei:euleros:uvp:3.0.1.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/uvp_version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/7/2019

Exploitable With

Core Impact

Metasploit (Exim GHOST (glibc gethostbyname) Buffer Overflow)

Reference Information

CVE: CVE-2015-0235, CVE-2017-16997, CVE-2018-11236, CVE-2018-11237

BID: 72325