MiracleLinux 3 : glibc-2.5-118.2.0.1.AXS3 (AXSA:2013-658:03)

high Nessus Plugin ID 289442

Synopsis

The remote MiracleLinux host is missing a security update.

Description

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-658:03 advisory.

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function.
Security issues fixed with this release:
CVE-2013-4332 Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.
Fixed bugs:
Previously, the L3 cache size of some CPUs for SMP servers was sometimes not correctly detected. This led to non-optimal performance and has been fixed.
Added locking to the compat_call() function to prevent multiple threads from racing.
Previously, glibc could sometimes terminate unexpectedly with a segmentation fault when attempting to use one dynamically-loaded character conversion routine. This has been fixed.
The ftell() function was fixed to correctly set the internal FILE offset field for wide characters. The ftell() and fseek() functions now handle offsets for wide characters correctly.
A previous fix to prevent logic errors in mathematical functions caused performance regression for certain inputs. This has been fixed.
The nscd daemon no longer caches DNS entries with a TTL of zero, and lookups for those entries return the correct and current results.
Applications running under low-memory conditions no longer terminate unexpectedly while calling localization routines and now report errors if working in low-memory conditions.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/4338

Plugin Details

Severity: High

ID: 289442

File Name: miracle_linux_AXSA-2013-658.nasl

Version: 1.1

Type: local

Published: 1/16/2026

Updated: 1/16/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2013-4332

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:glibc-devel, p-cpe:/a:miracle:linux:glibc-utils, p-cpe:/a:miracle:linux:glibc, p-cpe:/a:miracle:linux:nscd, cpe:/o:miracle:linux:3, p-cpe:/a:miracle:linux:glibc-headers, p-cpe:/a:miracle:linux:glibc-common

Required KB Items: Host/local_checks_enabled, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/18/2013

Vulnerability Publication Date: 8/20/2013

Reference Information

CVE: CVE-2013-4332