Privilege escalation in Glibc

Published: 2018-01-12 12:13:26 | Updated: 2018-01-12 12:14:04
Severity: Low
Patch available: NO
Number of vulnerabilities: 1
CVE ID: CVE-2018-1000001
Exploitation vector: Local
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software: Linux kernel
Vulnerable software versions: Linux kernel 2.6.36
Vendor URL: Linux Foundation

Security Advisory

1) Privilege escalation


The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a change in the processing of pathnames in the getcwd() system call introduced in the Linux kernel. A local attacker can use a specially crafted application to trigger a buffer underflow in the __realpath() function in 'stdlib/canonicalize.c' and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.
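
The unchecked assumption behind this weakness, shown as an added defensive example (not code from glibc or from this advisory): per the Linux getcwd(3) manual page, the returned path can be prefixed with "(unreachable)" when the working directory is outside the process root, so code that resolves relative paths should confirm the result is absolute before parsing it. The helper names cwd_is_absolute, join_checked and absolutize are hypothetical, and the sample paths are constructed.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Hypothetical helper: true only for a non-empty path that starts at "/". */
int cwd_is_absolute(const char *path)
{
    return path != NULL && path[0] == '/';
}

/* Hypothetical helper: write cwd + "/" + rel into out.
 * Returns 0 on success, -1 with errno set. A cwd that is not absolute,
 * such as "(unreachable)/srv/app", is rejected instead of being parsed. */
int join_checked(const char *cwd, const char *rel, char *out, size_t outlen)
{
    if (rel == NULL || rel[0] == '\0') { errno = EINVAL; return -1; }
    if (rel[0] == '/')
        cwd = "";                   /* rel is already absolute */
    else if (!cwd_is_absolute(cwd)) { errno = ENOENT; return -1; }
    const char *sep = (cwd[0] == '\0' || cwd[strlen(cwd) - 1] == '/') ? "" : "/";
    int n = snprintf(out, outlen, "%s%s%s", cwd, sep, rel);
    if (n < 0 || (size_t)n >= outlen) { errno = ENAMETOOLONG; return -1; }
    return 0;
}

/* Resolve rel against the real working directory, with the check applied. */
int absolutize(const char *rel, char *out, size_t outlen)
{
    char cwd[PATH_MAX];
    if (getcwd(cwd, sizeof cwd) == NULL)
        return -1;                  /* errno set by getcwd() */
    return join_checked(cwd, rel, out, outlen);
}

int main(void)
{
    char out[PATH_MAX];
    if (absolutize("etc/app.conf", out, sizeof out) != 0) {
        perror("absolutize");
        return 1;
    }
    puts(out);
    return 0;
}
```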


Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.
