Lucene search
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2021-3291.NASLHistoryOct 07, 2021 - 12:00 a.m.
openSUSE 15 Security Update : glibc (openSUSE-SU-2021:3291-1)
2021-10-0700:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
opensuse 15
glibc
security update
denial of service
disclosure of information
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.7
Confidence
High
EPSS
0.016
Percentile
87.6%
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3291-1 advisory.
-
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. (CVE-2021-33574)
-
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. (CVE-2021-35942)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from
# openSUSE Security Update openSUSE-SU-2021:3291-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(153913);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/28");
script_cve_id("CVE-2021-33574", "CVE-2021-35942");
script_name(english:"openSUSE 15 Security Update : glibc (openSUSE-SU-2021:3291-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in
the openSUSE-SU-2021:3291-1 advisory.
- The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It
may use the notification thread attributes object (passed through its struct sigevent parameter) after it
has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified
other impact. (CVE-2021-33574)
- The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in
parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in
a denial of service or disclosure of information. This occurs because atoi was used but strtoul should
have been used to ensure correct calculations. (CVE-2021-35942)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1186489");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187911");
# https://lists.opensuse.org/archives/list/[email protected]/thread/TYMYANBGPUFKQ7SIIB3PZLAAR35QYXOR/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3d83df76");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-33574");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-35942");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-33574");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/05/25");
script_set_attribute(attribute:"patch_publication_date", value:"2021/10/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/10/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-devel-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-devel-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-devel-static-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-html");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-i18ndata");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-info");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-lang");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-locale");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-locale-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-locale-base-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-profile");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-profile-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:glibc-utils-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nscd");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.3");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/SuSE/release');
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, 'openSUSE');
var os_ver = pregmatch(pattern: "^SUSE([\d.]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');
os_ver = os_ver[1];
if (release !~ "^(SUSE15\.3)$") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);
var pkgs = [
{'reference':'glibc-2.31-9.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'glibc-32bit-2.31-9.3.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'glibc-devel-2.31-9.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'glibc-devel-32bit-2.31-9.3.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'glibc-devel-static-2.31-9.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'glibc-devel-static-32bit-2.31-9.3.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'glibc-extra-2.31-9.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'glibc-html-2.31-9.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'glibc-i18ndata-2.31-9.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'glibc-info-2.31-9.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'glibc-lang-2.31-9.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'glibc-locale-2.31-9.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'glibc-locale-base-2.31-9.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'glibc-locale-base-32bit-2.31-9.3.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'glibc-profile-2.31-9.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'glibc-profile-32bit-2.31-9.3.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'glibc-utils-2.31-9.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'glibc-utils-32bit-2.31-9.3.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},
{'reference':'nscd-2.31-9.3.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach package_array ( pkgs ) {
var reference = NULL;
var release = NULL;
var cpu = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = package_array['release'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && release) {
if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glibc / glibc-32bit / glibc-devel / glibc-devel-32bit / etc');
}
Related
openvas
openvas
openSUSE: Security Advisory for glibc (openSUSE-SU-2021:3291-1)
2021-10-07 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:3291-1)
2021-10-07 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:3289-1)
2021-10-07 00:00:00
nessus
nessus
SUSE SLES12 Security Update : glibc (SUSE-SU-2021:3289-1)
2021-10-07 00:00:00
SUSE SLED15 / SLES15 Security Update : glibc (SUSE-SU-2021:3291-1)
2021-10-07 00:00:00
SUSE SLED15 / SLES15 Security Update : glibc (SUSE-SU-2021:3385-1)
2021-10-13 00:00:00
suse
suse
Security update for glibc (moderate)
2021-10-06 00:00:00
Security update for glibc (moderate)
2021-10-18 00:00:00
almalinux
almalinux
Moderate: glibc security, bug fix, and enhancement update
2021-11-09 09:08:59
oraclelinux
oraclelinux
glibc security, bug fix, and enhancement update
2021-11-16 00:00:00
glibc security update
2021-11-23 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-33574, CVE-2021-35942, CVE-2021-38604
2021-08-19 17:44:27
redhat
redhat
(RHSA-2021:4358) Moderate: glibc security, bug fix, and enhancement update
2021-11-09 09:08:59
(RHSA-2022:0434) Moderate: Release of OpenShift Serverless 1.20.0
2022-02-03 17:07:25
rocky
rocky
glibc security, bug fix, and enhancement update
2021-11-09 09:08:59
osv
osv
Moderate: glibc security, bug fix, and enhancement update
2021-11-09 09:08:59
Moderate: glibc security, bug fix, and enhancement update
2021-11-09 09:08:59
CVE-2021-33574
2021-05-25 22:15:10
fedora
fedora
[SECURITY] Fedora 34 Update: glibc-2.33-16.fc34
2021-06-14 01:06:20
[SECURITY] Fedora 33 Update: glibc-2.32-8.fc33
2021-07-07 01:04:22
[SECURITY] Fedora 33 Update: glibc-2.32-10.fc33
2021-07-20 01:10:16
debiancve
debiancve
prion
prion
Design/Logic Flaw
2021-05-25 22:15:00
Design/Logic Flaw
2021-07-22 18:15:00
Null pointer dereference
2021-08-12 16:15:00
amazon
amazon
redhatcve
redhatcve
veracode
veracode
Denial Of Service (DoS)
2021-11-17 22:36:20
Denial Of Service (DoS)
2021-11-17 22:36:24
cbl_mariner
cbl_mariner
CVE-2021-33574 affecting package glibc 2.28-22
2021-10-05 03:00:55
CVE-2021-35942 affecting package glibc 2.28-24
2021-08-11 06:39:32
photon
photon
ibm
ibm
mageia
mageia
Updated glibc packages fix security vulnerability
2021-07-01 02:58:41
Updated glibc packages fix security vulnerability
2021-07-20 13:46:47
Updated glibc packages fix security issue
2021-08-14 17:00:09
f5
f5
K43700555 : GNU C Library (glibc) vulnerability CVE-2021-33574
2021-09-24 00:00:00
K98121587 : glibc vulnerability CVE-2021-35942
2021-08-17 00:00:00
nvd
nvd
cvelist
cvelist
cve
cve
redos
redos
ROS-20220112-02
2022-01-12 00:00:00
ubuntucve
ubuntucve
ubuntu
ubuntu
GNU C Library vulnerabilities
2022-10-25 00:00:00
GNU C Library vulnerabilities
2022-03-01 00:00:00
githubexploit
githubexploit
Exploit for SQL Injection in Djangoproject Django
2022-04-25 02:50:00
gentoo
gentoo
glibc: Multiple vulnerabilities
2021-07-06 00:00:00
GNU C Library: Multiple Vulnerabilities
2022-08-14 00:00:00
debian
debian
[SECURITY] [DLA 3152-1] glibc security update
2022-10-17 15:54:41
altlinux
altlinux
Security fix for the ALT Linux 9 package glibc version 6:2.27-alt14
2021-09-23 00:00:00
cloudfoundry
cloudfoundry
USN-5310-1: GNU C Library vulnerabilities | Cloud Foundry
2023-05-18 00:00:00
ics
ics
Siemens SIMATIC S7-1500 TM MFP BIOS
2023-06-15 12:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.7
Confidence
High
EPSS
0.016
Percentile
87.6%
Related for OPENSUSE-2021-3291.NASL