SB2017082216 - Heap-based buffer overflow in augeas (Alpine package)
Published: August 22, 2017
Security Bulletin ID
SB2017082216
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Heap-based buffer overflow (CVE-ID: CVE-2017-7555)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when parsing configuration files. A local user with ability to change configuration files can add specially crafted strings, trigger heap-based buffer overflow and execute arbitrary code on the target system with elevated privileges.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=04ac9b3e82e962b448deee2b4841652843222154
- https://git.alpinelinux.org/aports/commit/?id=a0b936b66e502df6850b81bf918a41b5d9b9cc0c
- https://git.alpinelinux.org/aports/commit/?id=c5c0b95606f923689a901b8c685bf2dfbd92cef8
- https://git.alpinelinux.org/aports/commit/?id=d173f944a5ef2f2c74125f9c2a17c2a8c4faf803
- https://git.alpinelinux.org/aports/commit/?id=4eb87c369f8dc4b2029568914d2f6f0d5ba316f8