ID de Prueba:	1.3.6.1.4.1.25623.1.0.882108
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for glibc CESA-2015:0092 centos7
Resumen:	Check the version of glibc
Descripción:	Summary: Check the version of glibc Vulnerability Insight: The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235) Red Hat would like to thank Qualys for reporting this issue. All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Affected Software/OS: glibc on CentOS 7 Solution: Please install the updated packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-0235 http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html BugTraq ID: 72325 http://www.securityfocus.com/bid/72325 BugTraq ID: 91787 http://www.securityfocus.com/bid/91787 Bugtraq: 20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) (Google Search) http://seclists.org/oss-sec/2015/q1/269 Bugtraq: 20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow (Google Search) http://seclists.org/oss-sec/2015/q1/274 Bugtraq: 20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235 (Google Search) http://www.securityfocus.com/archive/1/534845/100/0/threaded Bugtraq: 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (Google Search) https://seclists.org/bugtraq/2019/Jun/14 Cisco Security Advisory: 20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost Debian Security Information: DSA-3142 (Google Search) http://www.debian.org/security/2015/dsa-3142 http://seclists.org/fulldisclosure/2015/Jan/111 http://seclists.org/fulldisclosure/2019/Jun/18 http://seclists.org/fulldisclosure/2021/Sep/0 https://security.gentoo.org/glsa/201503-04 HPdes Security Advisory: HPSBGN03247 http://marc.info/?l=bugtraq&m=142296726407499&w=2 HPdes Security Advisory: HPSBGN03270 http://marc.info/?l=bugtraq&m=142781412222323&w=2 HPdes Security Advisory: HPSBGN03285 http://marc.info/?l=bugtraq&m=142722450701342&w=2 HPdes Security Advisory: HPSBHF03289 http://marc.info/?l=bugtraq&m=142721102728110&w=2 HPdes Security Advisory: HPSBMU03330 http://marc.info/?l=bugtraq&m=143145428124857&w=2 HPdes Security Advisory: SSRT101937 HPdes Security Advisory: SSRT101953 http://www.mandriva.com/security/advisories?name=MDVSA-2015:039 http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt http://www.openwall.com/lists/oss-security/2021/05/04/7 RedHat Security Advisories: RHSA-2015:0126 http://rhn.redhat.com/errata/RHSA-2015-0126.html http://www.securitytracker.com/id/1032909 http://secunia.com/advisories/62517 http://secunia.com/advisories/62640 http://secunia.com/advisories/62667 http://secunia.com/advisories/62680 http://secunia.com/advisories/62681 http://secunia.com/advisories/62688 http://secunia.com/advisories/62690 http://secunia.com/advisories/62691 http://secunia.com/advisories/62692 http://secunia.com/advisories/62698 http://secunia.com/advisories/62715 http://secunia.com/advisories/62758 http://secunia.com/advisories/62812 http://secunia.com/advisories/62813 http://secunia.com/advisories/62816 http://secunia.com/advisories/62865 http://secunia.com/advisories/62870 http://secunia.com/advisories/62871 http://secunia.com/advisories/62879 http://secunia.com/advisories/62883
Copyright	Copyright (C) 2015 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.