Detections
Analytics

Ubuntu 16.04 ESM : musl vulnerabilities (USN-4768-1)

critical Nessus Plugin ID 183587

Language:

Synopsis

The remote Ubuntu host is missing one or more security updates.

Description

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4768-1 advisory.

 - Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid name length in a DNS response, related to an infinite loop with no output. (CVE-2014-3484)

 - Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors.
 (CVE-2015-1817)

 - Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write. (CVE-2016-8859)

 - musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query. (CVE-2017-15650)

 - In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
 (CVE-2018-1000001)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected musl, musl-dev and / or musl-tools packages.

See Also

https://ubuntu.com/security/notices/USN-4768-1

Plugin Details

Severity: Critical

ID: 183587

File Name: ubuntu_USN-4768-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 10/20/2023

Updated: 10/23/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2016-8859

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:canonical:ubuntu_linux:16.04:-:esm, p-cpe:/a:canonical:ubuntu_linux:musl, p-cpe:/a:canonical:ubuntu_linux:musl-dev, p-cpe:/a:canonical:ubuntu_linux:musl-tools

Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/15/2021

Vulnerability Publication Date: 6/6/2014

Exploitable With

Metasploit (glibc realpath() Privilege Escalation)

Reference Information

CVE: CVE-2014-3484, CVE-2015-1817, CVE-2016-8859, CVE-2017-15650, CVE-2018-1000001

USN: 4768-1