ALT-PU-2018-1034-1
Closed vulnerabilities
Published: 2018-01-07
BDU:2018-00415
Vulnerability in the getcwd and realpath functions of glibc, the library that provides system calls and basic functions, allowing an attacker to execute arbitrary code
Severity: HIGH (7.8)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2018-01-31
Modified: 2024-11-21
CVE-2018-1000001
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
Severity: HIGH (7.8)
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- [oss-security] 20180111 Libc Realpath Buffer Underflow CVE-2018-1000001
- 102525
- 1040162
- RHSA-2018:0805
- https://security.netapp.com/advisory/ntap-20190404-0003/
- USN-3534-1
- USN-3536-1
- 43775
- 44889
- https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/