The version of glibc installed on the remote host is prior to 2.26-57. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2371 advisory.

  - The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It     may use the notification thread attributes object (passed through its struct sigevent parameter) after it     has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified     other impact. (CVE-2021-33574)

  - In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles     certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was     introduced as a side effect of the CVE-2021-33574 fix. (CVE-2021-38604)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux 2 : glibc (ALAS-2023-2371)

critical Nessus Plugin ID 186573

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.3 Dec 19, 2023, 8:16 PM Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202312192016
Version 1.2 Dec 19, 2023, 12:08 AM CVSSv2 score source (changed from "CVE-2021-38604" to "CVE-2021-33574") CVSSv2 severity (based on CVE-2021-33574, severity increased from "Medium" to "High") Exploit attributes ("Exploitability ease" changed from "Exploits are available" to "No known exploits are available") Plugin metadata CVE (set "CVE" coverage to "CVE-2021-33574,CVE-2021-38604") CVSS metrics ("CVSSv2 score" set to 7.5. "CVSSv3 score" set to 9.8. "CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P". "CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") Plugin Feed: 202312190008
Version 1.1 Dec 5, 2023, 2:37 PM Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202312051437
Version 1.0 Dec 5, 2023, 6:24 AM New Plugin Feed: 202312050624