Privilege escalation in Glibc

Published: 2018-01-12 12:13:26 | Updated: 2018-01-12 12:14:04
Severity Low
Patch available NO
Number of vulnerabilities 1
CVE ID CVE-2018-1000001
CVSSv3 8.6 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C]
CWE ID CWE-124
Exploitation vector Local
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software Linux kernel
Vulnerable software versions Linux kernel 2.6.36
Vendor URL Linux Foundation

Security Advisory

1) Privilege escalation

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in due to a change in the processing of pathnames in the getcwd() command introduced in Linux kernel. A local attacker can use a specially crafted application, trigger buffer underflow in the __realpath() function in 'stdlib/canonicalize.c' and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.

External links

https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/

Back to List