Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities.
3726cd3c69f647990c48b627f7552d3a2fdba185bb79ef1247f427b865bde817Red Hat Security Advisory 2017-1916-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code.
284d7b2d9fe6062c5fa581f8136c465c6baa1820d06e031f3fd504574917c75dRed Hat Security Advisory 2017-0680-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix: A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code.
324d43db935a7ec05e599e403198eb2ed3ce4e5f8890b00bc2368b2c12b3560dGentoo Linux Security Advisory 201702-11 - Multiple vulnerabilities have been found in the GNU C Library, the worst of which allows context-dependent attackers to execute arbitrary code. Versions less than 2.23-r3 are affected.
fa2a94198c76126434e575483adb24e98f6fc6067b9bede81d1fab17552eb3e5Ubuntu Security Notice 2985-2 - USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for CVE-2014-9761 introduced a regression which affected applications that use the libm library but were not fully restarted after the upgrade. This update removes the fix for CVE-2014-9761 and a future update will be provided to address this issue. Various other issues were also addressed.
2a6f679b626f83a064fc3dc159f612a216d5445b2d132256da0fb78b6542247dGentoo Linux Security Advisory 201602-2 - Multiple vulnerabilities have been found in the GNU C library, the worst allowing for remote execution of arbitrary code. Versions less than 2.21-r2 are affected.
7fb31d7914b4d8d365ed0e55052ae4ab9788d37ba1146e4a9261c90a46a215e4Debian Linux Security Advisory 3481-1 - Several vulnerabilities have been fixed in the GNU C Library, glibc.
09303e0b9794ff8d9ff9ecaa8493c33cded5b569964be1e2f01553cc70ce74c4Debian Linux Security Advisory 3480-1 - Several vulnerabilities have been fixed in the GNU C Library, eglibc.
f21bc37873b6d3f878293b24b50bceadf6e2f468ced587d39dcdaea3989a7fc3Ubuntu Security Notice 2985-1 - Martin Carpenter discovered that pt_chown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain administrative privileges or expose sensitive information. Robin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not properly manage its file descriptors. An attacker could use this to cause a denial of service (infinite loop). Various other issues were also addressed.
493c76ea8ce318894b316a5a208fb8df41462f866dbab930ef81d92361f8208c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed