The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3152 advisory.

  - The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple     suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite     loop when processing invalid multi-byte input sequences, leading to a denial of service. (CVE-2016-10228)

  - On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the     LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition,     allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass     ASLR for a setuid program. (CVE-2019-19126)

  - The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-     byte input sequences in the EUC-KR encoding, may have a buffer over-read. (CVE-2019-25013)

  - The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range     reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when     passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to     sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. (CVE-2020-10029)

  - A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde     expansion was carried out. Directory paths containing an initial tilde followed by a valid username were     affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path     that, when processed by the glob function, would potentially lead to arbitrary code execution. This was     fixed in version 2.32. (CVE-2020-1752)

  - The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid     multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance     the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a     different vulnerability from CVE-2016-10228. (CVE-2020-27618)

  - An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc     2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative     value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the     'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-     of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows     for program execution to continue in scenarios where a segmentation fault or crash should have occurred.
    The dangers occur in that subsequent execution and iterations of this code will be executed with this     corrupted data. (CVE-2020-6096)

  - The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when     processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in     degraded service or Denial of Service on the local system. This is related to netgroupcache.c.
    (CVE-2021-27645)

  - The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid     input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program,     potentially resulting in a denial of service. (CVE-2021-3326)

  - The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It     may use the notification thread attributes object (passed through its struct sigevent parameter) after it     has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified     other impact. (CVE-2021-33574)

  - The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in     parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in     a denial of service or disclosure of information. This occurs because atoi was used but strtoul should     have been used to ensure correct calculations. (CVE-2021-35942)

  - A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory     corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and     size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and     escalate their privileges on the system. (CVE-2021-3999)

  - The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc)     through 2.34 copies its path argument on the stack without validating its length, which may result in a     buffer overflow, potentially resulting in a denial of service or (if an application is not built with a     stack protector enabled) arbitrary code execution. (CVE-2022-23218)

  - The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc)     through 2.34 copies its hostname argument on the stack without validating its length, which may result in     a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a     stack protector enabled) arbitrary code execution. (CVE-2022-23219)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian DLA-3152-1 : glibc - LTS security update

critical Nessus Plugin ID 166426

Version 1.3

Version 1.2

Version 1.3 Oct 9, 2023, 5:00 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202310091700
Version 1.2 Oct 23, 2022, 9:48 PM New Plugin Feed: 202210232148