NewStart CGSL MAIN 6.06 : glibc Multiple Vulnerabilities (NS-SA-2025-0229)

Critical Nessus Plugin ID 266254

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version MAIN 6.06, has glibc packages installed that are affected by multiple vulnerabilities:

- The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. (CVE-2021-33574)

- elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretation of an empty RPATH/RUNPATH token as the ./ directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. (CVE-2017-16997)

- The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service. (CVE-2016-10228)

- The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input. (CVE-2016-6261)

- The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data. (CVE-2016-6263)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL glibc packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

https://security.gd-linux.com/notice/NS-SA-2025-0229

https://security.gd-linux.com/info/CVE-2016-10228

https://security.gd-linux.com/info/CVE-2016-6261

https://security.gd-linux.com/info/CVE-2016-6263

https://security.gd-linux.com/info/CVE-2017-1000408

https://security.gd-linux.com/info/CVE-2017-1000409

https://security.gd-linux.com/info/CVE-2017-14062

https://security.gd-linux.com/info/CVE-2017-15670

https://security.gd-linux.com/info/CVE-2017-15804

https://security.gd-linux.com/info/CVE-2017-16997

https://security.gd-linux.com/info/CVE-2017-17426

https://security.gd-linux.com/info/CVE-2017-18269

https://security.gd-linux.com/info/CVE-2018-1000001

https://security.gd-linux.com/info/CVE-2018-11236

https://security.gd-linux.com/info/CVE-2018-11237

https://security.gd-linux.com/info/CVE-2018-19591

https://security.gd-linux.com/info/CVE-2019-25013

https://security.gd-linux.com/info/CVE-2019-9169

https://security.gd-linux.com/info/CVE-2020-10029

https://security.gd-linux.com/info/CVE-2020-1751

https://security.gd-linux.com/info/CVE-2020-27618

https://security.gd-linux.com/info/CVE-2021-27645

https://security.gd-linux.com/info/CVE-2021-3326

https://security.gd-linux.com/info/CVE-2021-33574

https://security.gd-linux.com/info/CVE-2021-35942

Plugin Details

Severity: Critical

ID: 266254

File Name: newstart_cgsl_NS-SA-2025-0229_glibc.nasl

Version: 1.1

Type: local

Published: 9/30/2025

Updated: 9/30/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2017-16997

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2021-33574

Vulnerability Information

CPE: p-cpe:/a:zte:cgsl_main:glibc, p-cpe:/a:zte:cgsl_main:libnsl, p-cpe:/a:zte:cgsl_main:glibc-langpack-zh, p-cpe:/a:zte:cgsl_main:glibc-locale-source, p-cpe:/a:zte:cgsl_main:glibc-minimal-langpack, cpe:/o:zte:cgsl_main:6, p-cpe:/a:zte:cgsl_main:glibc-all-langpacks, p-cpe:/a:zte:cgsl_main:glibc-common, p-cpe:/a:zte:cgsl_main:compat-libpthread-nonshared, p-cpe:/a:zte:cgsl_main:nss_db, p-cpe:/a:zte:cgsl_main:glibc-langpack-en, p-cpe:/a:zte:cgsl_main:glibc-gconv-extra, p-cpe:/a:zte:cgsl_main:glibc-devel, p-cpe:/a:zte:cgsl_main:glibc-headers

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/30/2025

Vulnerability Publication Date: 7/20/2016

Reference Information

CVE: CVE-2016-10228, CVE-2016-6261, CVE-2016-6263, CVE-2017-1000408, CVE-2017-1000409, CVE-2017-14062, CVE-2017-15670, CVE-2017-15804, CVE-2017-16997, CVE-2017-17426, CVE-2017-18269, CVE-2018-1000001, CVE-2018-11236, CVE-2018-11237, CVE-2018-19591, CVE-2019-25013, CVE-2019-9169, CVE-2020-10029, CVE-2020-1751, CVE-2020-27618, CVE-2021-27645, CVE-2021-3326, CVE-2021-33574, CVE-2021-35942