OracleVM 3.3 : glibc (OVMSA-2014-0017)

high Nessus Plugin ID 79539

Synopsis

The remote OracleVM host is missing one or more security updates.

Description

The remote OracleVM system is missing necessary patches to address critical security updates:

- Remove gconv transliteration loadable modules support (CVE-2014-5119,

- _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,

- Don't use alloca in addgetnetgrentX (#1087789).

- Adjust pointers to triplets in netgroup query data (#1087789).

- Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1098050).

- Fix race in free of fastbin chunk (#1091162).

- Revert the addition of gettimeofday vDSO function for ppc and ppc64 until OPD VDSO function call issues are resolved (#1026533).

- Call gethostbyname4_r only for PF_UNSPEC (#1022022).

- Fix integer overflows in *valloc and memalign. (#1008310).

- Initialize res_hconf in nscd (#970090).

- Update previous patch for dcigettext.c and loadmsgcat.c (#834386).

- Save search paths before performing relro protection (#988931).

- Correctly name the 240-bit slow path systemtap probe slowpow_p10 for slowpow (#905575).

- Align value of stacksize in nptl-init (#663641).

- Renamed release engineering directory from 'fedora' to 'releng' (#903754).

- Backport GLIBC sched_getcpu and gettimeofday vDSO functions for ppc (#929302).

- Fall back to local DNS if resolv.conf does not define nameservers (#928318).

- Add systemtap probes to slowexp and slowpow (#905575).

- Fix getaddrinfo stack overflow resulting in application crash (CVE-2013-1914, #951213).

- Fix multibyte character processing crash in regexp (CVE-2013-0242, #951213).

- Add netgroup cache support for nscd (#629823).

- Fix multiple nss_compat initgroups bugs (#966778).

- Don't use simple lookup for AF_INET when AI_CANONNAME is set (#863384).

- Add MAP_HUGETLB and MAP_STACK support (#916986).

- Update translation for stale file handle error (#970776).

- Improve performance of _SC_NPROCESSORS_ONLN (#rh952422).

- Fix up _init in pt-initfini to accept arguments (#663641).

- Set reasonable limits on xdr requests to prevent memory leaks (#848748).

- Fix mutex locking for PI mutexes on spurious wake-ups on pthread condvars (#552960).

- New environment variable GLIBC_PTHREAD_STACKSIZE to set thread stack size (#663641).

- Improved handling of recursive calls in backtrace (#868808).

- The ttyname and ttyname_r functions on Linux now fall back to searching for the tty file descriptor in /dev/pts or /dev if /proc is not available. This allows creation of chroots without the procfs mounted on /proc. (#851470)

- Don't free rpath strings allocated during startup until after ld.so is re-relocated. (#862094)

- Consistently MANGLE/DEMANGLE function pointers. Fix use after free in dcigettext.c (#834386).

- Change rounding mode only when necessary (#966775).

- Backport of code to allow incremental loading of library list (#886968).

- Fix loading of audit libraries when TLS is in use (#919562)

- Fix application of SIMD FP exception mask (#929388).

Solution

Update the affected glibc / glibc-common / nscd packages.

See Also

http://www.nessus.org/u?2eb23e08

Plugin Details

Severity: High

ID: 79539

File Name: oraclevm_OVMSA-2014-0017.nasl

Version: 1.9

Type: local

Published: 11/26/2014

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:vm:glibc, p-cpe:/a:oracle:vm:glibc-common, p-cpe:/a:oracle:vm:nscd, cpe:/o:oracle:vm_server:3.3

Required KB Items: Host/local_checks_enabled, Host/OracleVM/release, Host/OracleVM/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/3/2014

Vulnerability Publication Date: 2/8/2013

Reference Information

CVE: CVE-2013-0242, CVE-2013-1914, CVE-2014-0475, CVE-2014-5119

BID: 57638, 58839, 68505, 68983, 69738