Mandrake Linux Security Advisory : glibc (MDKSA-2002:050)

High Nessus Plugin ID 13953


The remote Mandrake Linux host is missing one or more security updates.


A buffer overflow vulnerability was found in the way that the glibc resolver handles the resolution of network names and addresses via DNS in glibc versions 2.2.5 and earlier. Only systems using the 'dns' entry in the 'networks' database in /etc/nsswitch.conf are vulnerable to this issue. By default, Mandrake Linux has this database set to 'files' and is not vulnerable. Likewise, a similar bug is in the glibc-compat packages which provide compatability for programs compiled against 2.0.x versions of glibc.


Update the affected packages.

Plugin Details

Severity: High

ID: 13953

File Name: mandrake_MDKSA-2002-050.nasl

Version: $Revision: 1.14 $

Type: local

Published: 2004/07/31

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:glibc, p-cpe:/a:mandriva:linux:glibc-devel, p-cpe:/a:mandriva:linux:glibc-profile, p-cpe:/a:mandriva:linux:ldconfig, p-cpe:/a:mandriva:linux:nscd, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2, cpe:/o:mandrakesoft:mandrake_linux:8.0, cpe:/o:mandrakesoft:mandrake_linux:8.1, cpe:/o:mandrakesoft:mandrake_linux:8.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2002/08/13

Reference Information

CVE: CVE-2002-0651, CVE-2002-0684

MDKSA: 2002:050