|Number of vulnerabilities||1|
|CVE ID|| CVE-2018-1000001
|CWE ID|| CWE-124
|Public exploit||Not available|
|Vulnerable software versions||
Linux kernel 2.6.36
|Vendor URL||Linux Foundation|
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in due to a change in the processing of pathnames in the getcwd() command introduced in Linux kernel. A local attacker can use a specially crafted application, trigger buffer underflow in the __realpath() function in 'stdlib/canonicalize.c' and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.