MiracleLinux 4 : glibc-2.12-1.132.AXS4 (AXSA:2014-073:01)

Severity: high. Nessus Plugin ID 289561

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-073:01 advisory.

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function.

Security issues fixed with this release:

CVE-2013-0242: Buffer overflow in the extend_buffers function in the regular expression matcher (posix/regexec.c) in glibc, possibly 2.17 and earlier, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.

CVE-2013-1914: Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results.

CVE-2013-4332: Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.

Fixed bugs:

A defect in the initial release of the getaddrinfo() system call caused AF_INET and AF_INET6 queries to return names queried from the /etc/hosts file as canonical names. This behavior is incorrect but it is the expected behavior. However, a later change in the getaddrinfo() function made AF_INET6 queries return the canonical name correctly, but this was unexpected by applications relying on queries from the /etc/hosts file, and they could fail to operate properly. This update ensures that AF_INET6 queries resolved from /etc/hosts always return the name as canonical. A proper patch might be issued when a standard is established. For now, the first entry in the /etc/hosts file should be considered the canonical entry.

Previously, nscd sometimes failed to return both IPv4 and IPv6 addresses when querying for an address using the AF_UNSPEC address family, even when both IPv4 and IPv6 results existed. This has been fixed.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/4507

Plugin Details

Severity: High

ID: 289561

File Name: miracle_linux_AXSA-2014-073.nasl

Version: 1.1

Type: local

Published: 1/16/2026

Updated: 1/16/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2013-1914

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:nscd, p-cpe:/a:miracle:linux:glibc-common, p-cpe:/a:miracle:linux:glibc-headers, p-cpe:/a:miracle:linux:glibc-devel, p-cpe:/a:miracle:linux:glibc-utils, cpe:/o:miracle:linux:4, p-cpe:/a:miracle:linux:glibc

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/18/2014

Vulnerability Publication Date: 1/30/2013

Reference Information

CVE: CVE-2013-0242, CVE-2013-1914, CVE-2013-4332