Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.REDHAT-CVE-2014-9402.NASL
HistoryFeb 19, 2016 - 12:00 a.m.

RHEL 5 / 6 / 7 : glibc (CVE-2014-9402)

2016-02-1900:00:00
This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
www.tenable.com
14

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.107 Low

EPSS

Percentile

95.1%

JSON

The remote Red Hat Enterprise Linux host has a version of glibc installed that is similar in patching level to version 2.21 of the official glibc library. It is, therefore, potentially affected by a denial of service vulnerability due to improper handling of alias names supplied to the getnetbyname() function. A remote attacker can exploit this to cause an invite loop by sending a positive answer to the host while a network name is being processed.

Note that Red Hat has no plans to release a patch since the host will only be affected by the vulnerability if it is running a ‘networks:
file dns’ non-standard configuration in /etc/nsswitch.conf, and the host is targeted by a separate DNS spoofing attack.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(88862);
  script_version("1.7");
  script_cvs_date("Date: 2018/07/25 18:58:06");

  script_cve_id("CVE-2014-9402");
  script_bugtraq_id(71670);

  script_name(english:"RHEL 5 / 6 / 7 : glibc (CVE-2014-9402)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is potentially affected by a denial of service
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote Red Hat Enterprise Linux host has a version of glibc
installed that is similar in patching level to version 2.21 of the
official glibc library. It is, therefore, potentially affected by a
denial of service vulnerability due to improper handling of alias
names supplied to the getnetbyname() function. A remote attacker can
exploit this to cause an invite loop by sending a positive answer to
the host while a network name is being processed.

Note that Red Hat has no plans to release a patch since the host will
only be affected by the vulnerability if it is running a 'networks:
file dns' non-standard configuration in /etc/nsswitch.conf, and the
host is targeted by a separate DNS spoofing attack.");
  script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-9402.html");
  script_set_attribute(attribute:"solution", value:
"No patch from Red Hat is currently available. However, users are
advised to check their settings, and upgrade to a glibc package
released after February, 2nd 2015.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:glibc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/02/19");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu", "Settings/ParanoidReport");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (report_paranoia < 2) audit(AUDIT_PARANOID);

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! ereg(pattern:"^(5|6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x / 6.x / 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

flag = 0;
if (rpm_check(release:"RHEL5", reference:"glibc-2.5-123.el5_11.3")) flag++;
if (rpm_check(release:"RHEL6", reference:"glibc-2.12-1.149.el6_6.7")) flag++;
if (rpm_check(release:"RHEL7", reference:"glibc-2.17-78.el7")) flag++;

if (flag)
{
  report_extra = rpm_report_get() +
                 'NOTE: No official Red Hat Security Advisory exists for this vulnerability.\n' +
                 'Consult https://access.redhat.com/security/cve/CVE-2014-9402 for details.\n';
  if (report_verbosity > 0) security_note(port:0, extra:report_extra);
  else security_note(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
}
VendorProductVersionCPE
redhatenterprise_linuxglibcp-cpe:/a:redhat:enterprise_linux:glibc
redhatenterprise_linux5cpe:/o:redhat:enterprise_linux:5
redhatenterprise_linux6cpe:/o:redhat:enterprise_linux:6
redhatenterprise_linux7cpe:/o:redhat:enterprise_linux:7

Related

nessus 26
openvas 16
prion 1
f5 2
debian 2
nvd 1
cvelist 1
ubuntucve 1
cve 1
debiancve 1
mageia 1
archlinux 1
fedora 1
ibm 10
ubuntu 1
amazon 1
centos 1
redhat 1
securityvulns 2
oraclelinux 2
osv 1
gentoo 1
packetstorm 2
oracle 1
nessus
nessus
EulerOS Virtualization 2.5.1 : glibc (EulerOS-SA-2018-1272)
2018-09-18 00:00:00
F5 Networks BIG-IP : glibc vulnerability (K16365)
2018-12-18 00:00:00
Debian DLA-122-1 : eglibc security update
2015-03-26 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2018-1272)
2020-01-23 00:00:00
Debian: Security Advisory (DLA-122-1)
2023-03-08 00:00:00
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2017-1146)
2020-01-23 00:00:00
prion
prion
Design/Logic Flaw
2015-02-24 15:59:00
f5
f5
SOL16365 - GNU C Library (glibc) vulnerability CVE-2014-9402
2015-04-03 00:00:00
K16365 : glibc vulnerability CVE-2014-9402
2015-07-23 00:00:00
debian
debian
[SECURITY] [DLA 122-1] eglibc security update
2014-12-22 23:19:26
[SECURITY] [DSA 3169-1] eglibc security update
2015-02-23 06:08:58
nvd
nvd
CVE-2014-9402
2015-02-24 15:59:02
cvelist
cvelist
CVE-2014-9402
2015-02-24 15:00:00
ubuntucve
ubuntucve
CVE-2014-9402
2015-02-24 00:00:00
cve
cve
CVE-2014-9402
2015-02-24 15:59:02
debiancve
debiancve
CVE-2014-9402
2015-02-24 15:59:02
mageia
mageia
Updated glibc packages fix security vulnerabilities
2015-01-08 15:24:22
archlinux
archlinux
glibc: arbitrary code execution
2014-12-18 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: glibc-2.20-8.fc21
2015-03-04 10:27:01
ibm
ibm
Security Bulletin: Vulnerabilities in Glibc affect Power Hardware Management Console ( CVE-2017-15670, CVE-2017-12132, CVE-2015-5180, CVE-2014-9402)
2021-09-22 23:05:38
Security Bulletin: IBM BladeCenter Advanced Management Module is affected by glibc vulnerabilities (CVE-2015-1472, CVE-2013-7423, CVE-2014-7817, and CVE-2014-9402)
2019-01-31 01:55:01
Security Bulletin: Multiple vulnerabilities in glibc affect IBM Flex System Manager(FSM) (CVE-2013-7423, CVE-2014-7817, CVE-2014-9402, CVE-2015-1472)
2019-01-31 01:45:01
ubuntu
ubuntu
GNU C Library vulnerabilities
2015-02-26 00:00:00
amazon
amazon
Important: glibc
2018-05-10 17:45:00
centos
centos
glibc, nscd security update
2018-04-26 17:41:43
redhat
redhat
(RHSA-2018:0805) Moderate: glibc security, bug fix, and enhancement update
2018-04-10 05:01:26
securityvulns
securityvulns
GNU glibc multiple security vulnerabilities
2015-03-07 00:00:00
[SECURITY] [DSA 3169-1] eglibc security update
2015-03-07 00:00:00
oraclelinux
oraclelinux
glibc security update
2018-04-18 00:00:00
glibc security, bug fix, and enhancement update
2018-04-16 00:00:00
osv
osv
eglibc - security update
2015-02-23 00:00:00
gentoo
gentoo
GNU C Library: Multiple vulnerabilities
2016-02-17 00:00:00
packetstorm
packetstorm
Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
2019-09-04 00:00:00
WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials
2019-06-13 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2018
2018-01-16 00:00:00

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.107 Low

EPSS

Percentile

95.1%

JSON
Related for REDHAT-CVE-2014-9402.NASL
nessus26openvas16prion1f52debian2nvd1cvelist1ubuntucve1cve1debiancve1mageia1archlinux1fedora1ibm10ubuntu1amazon1centos1redhat1securityvulns2oraclelinux2osv1gentoo1packetstorm2oracle1