Detections
Analytics
RHEL 6 : glibc (RHSA-2014:1391)
high Nessus Plugin ID 78408
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1391 advisory.The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system.
Without these libraries, the Linux system cannot function correctly.
An out-of-bounds write flaw was found in the way the glibc's readdir_r() function handled file system entries longer than the NAME_MAX character constant. A remote attacker could provide a specially crafted NTFS or CIFS file system that, when processed by an application using readdir_r(), would cause that application to crash or, potentially, allow the attacker to execute arbitrary code with the privileges of the user running the application. (CVE-2013-4237)
It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-4458)
These updated glibc packages also include several bug fixes and two enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes.
All glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://access.redhat.com/errata/RHSA-2014:1391
https://bugzilla.redhat.com/show_bug.cgi?id=995839
https://bugzilla.redhat.com/show_bug.cgi?id=981942
https://bugzilla.redhat.com/show_bug.cgi?id=1022280
https://access.redhat.com/security/updates/classification/#moderate
http://www.nessus.org/u?468b1500
http://www.nessus.org/u?cf31c064
https://bugzilla.redhat.com/show_bug.cgi?id=1027101
https://bugzilla.redhat.com/show_bug.cgi?id=1032628
https://bugzilla.redhat.com/show_bug.cgi?id=1043557
https://bugzilla.redhat.com/show_bug.cgi?id=1044628
https://bugzilla.redhat.com/show_bug.cgi?id=1087833
Plugin Details
Severity: High
ID: 78408
File Name: redhat-RHSA-2014-1391.nasl
Version: 1.18
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 10/14/2014
Updated: 8/15/2025
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
Vendor
Vendor Severity: Moderate
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2013-4237
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2013-4458
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:glibc-headers, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:glibc-utils, p-cpe:/a:redhat:enterprise_linux:glibc-common, p-cpe:/a:redhat:enterprise_linux:glibc-devel, p-cpe:/a:redhat:enterprise_linux:glibc-static, p-cpe:/a:redhat:enterprise_linux:glibc, p-cpe:/a:redhat:enterprise_linux:nscd
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/13/2014
Vulnerability Publication Date: 10/9/2013