Huawei EulerOS Local Security Checks : Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2020-1152)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.2.2020.1152

Categoría: Huawei EulerOS Local Security Checks

Título: Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2020-1152)

Resumen: The remote host is missing an update for the Huawei EulerOS 'glibc' package(s) announced via the EulerOS-SA-2020-1152 advisory.

Descripción: Summary:
The remote host is missing an update for the Huawei EulerOS 'glibc' package(s) announced via the EulerOS-SA-2020-1152 advisory.

Vulnerability Insight:
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.(CVE-2019-1010023)

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '()(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.(CVE-2019-9192)

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227)(\\1\\1t1\\\2537)+' in grep.(CVE-2018-20796)

Affected Software/OS:
'glibc' package(s) on Huawei EulerOS V2.0SP8.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-9192
https://sourceware.org/bugzilla/show_bug.cgi?id=24269

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.2.2020.1152
Categoría:	Huawei EulerOS Local Security Checks
Título:	Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2020-1152)
Resumen:	The remote host is missing an update for the Huawei EulerOS 'glibc' package(s) announced via the EulerOS-SA-2020-1152 advisory.
Descripción:	Summary: The remote host is missing an update for the Huawei EulerOS 'glibc' package(s) announced via the EulerOS-SA-2020-1152 advisory. Vulnerability Insight: GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code.(CVE-2019-1010023) In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '()(\\1\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.(CVE-2019-9192) In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227)(\\1\\1t1\\\2537)+' in grep.(CVE-2018-20796) Affected Software/OS: 'glibc' package(s) on Huawei EulerOS V2.0SP8. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-9192 https://sourceware.org/bugzilla/show_bug.cgi?id=24269
Copyright	Copyright (C) 2020 Greenbone Networks GmbH