Debian DSA-2058-1 : glibc, eglibc - multiple vulnerabilities

high Nessus Plugin ID 46861


New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.


The remote Debian host is missing a security-related update.


Several vulnerabilities have been discovered in the GNU C Library (aka glibc) and its derivatives. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2008-1391, CVE-2009-4880, CVE-2009-4881 Maksymilian Arciemowicz discovered that the GNU C library did not correctly handle integer overflows in the strfmon family of functions. If a user or automated system were tricked into processing a specially crafted format string, a remote attacker could crash applications, leading to a denial of service.

- CVE-2010-0296 Jeff Layton and Dan Rosenberg discovered that the GNU C library did not correctly handle newlines in the mntent family of functions. If a local attacker were able to inject newlines into a mount entry through other vulnerable mount helpers, they could disrupt the system or possibly gain root privileges.

- CVE-2010-0830 Dan Rosenberg discovered that the GNU C library did not correctly validate certain ELF program headers. If a user or automated system were tricked into verifying a specially crafted ELF program, a remote attacker could execute arbitrary code with user privileges.


Upgrade the glibc or eglibc packages.

For the stable distribution (lenny), these problems have been fixed in version 2.7-18lenny4 of the glibc package.

See Also

Plugin Details

Severity: High

ID: 46861

File Name: debian_DSA-2058.nasl

Version: 1.11

Type: local

Agent: unix

Published: 6/11/2010

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: Medium

Score: 6.7


Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:eglibc, p-cpe:/a:debian:debian_linux:glibc, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/10/2010

Reference Information

CVE: CVE-2008-1391, CVE-2009-4880, CVE-2009-4881, CVE-2010-0296, CVE-2010-0830

BID: 36443, 40063

DSA: 2058

CWE: 189