Amazon Linux AMI update for glibc

1) NULL pointer dereference

EUVDB-ID: #VU12269

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-5180

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in res_query in libresolv due to NULL pointer dereference. A remote attacker can cause the service to crash.

Mitigation

Update the affected packages.

i686:
    glibc-debuginfo-common-2.17-222.173.amzn1.i686
    glibc-static-2.17-222.173.amzn1.i686
    glibc-debuginfo-2.17-222.173.amzn1.i686
    glibc-2.17-222.173.amzn1.i686
    glibc-devel-2.17-222.173.amzn1.i686
    glibc-utils-2.17-222.173.amzn1.i686
    nscd-2.17-222.173.amzn1.i686
    glibc-headers-2.17-222.173.amzn1.i686
    glibc-common-2.17-222.173.amzn1.i686

src:
    glibc-2.17-222.173.amzn1.src

x86_64:
    nscd-2.17-222.173.amzn1.x86_64
    glibc-common-2.17-222.173.amzn1.x86_64
    glibc-utils-2.17-222.173.amzn1.x86_64
    glibc-debuginfo-2.17-222.173.amzn1.x86_64
    glibc-2.17-222.173.amzn1.x86_64
    glibc-static-2.17-222.173.amzn1.x86_64
    glibc-devel-2.17-222.173.amzn1.x86_64
    glibc-headers-2.17-222.173.amzn1.x86_64
    glibc-debuginfo-common-2.17-222.173.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1017.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Privilege escalation

EUVDB-ID: #VU9992

Risk: Low

CVSSv3.1: 8.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C]

CVE-ID: CVE-2018-1000001

CWE-ID: CWE-124 - Buffer Underwrite ('Buffer Underflow')

Exploit availability: Yes

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in due to a change in the processing of pathnames in the getcwd() command introduced in Linux kernel. A local attacker can use a specially crafted application, trigger buffer underflow in the __realpath() function in 'stdlib/canonicalize.c' and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected packages.

i686:
    glibc-debuginfo-common-2.17-222.173.amzn1.i686
    glibc-static-2.17-222.173.amzn1.i686
    glibc-debuginfo-2.17-222.173.amzn1.i686
    glibc-2.17-222.173.amzn1.i686
    glibc-devel-2.17-222.173.amzn1.i686
    glibc-utils-2.17-222.173.amzn1.i686
    nscd-2.17-222.173.amzn1.i686
    glibc-headers-2.17-222.173.amzn1.i686
    glibc-common-2.17-222.173.amzn1.i686

src:
    glibc-2.17-222.173.amzn1.src

x86_64:
    nscd-2.17-222.173.amzn1.x86_64
    glibc-common-2.17-222.173.amzn1.x86_64
    glibc-utils-2.17-222.173.amzn1.x86_64
    glibc-debuginfo-2.17-222.173.amzn1.x86_64
    glibc-2.17-222.173.amzn1.x86_64
    glibc-static-2.17-222.173.amzn1.x86_64
    glibc-devel-2.17-222.173.amzn1.x86_64
    glibc-headers-2.17-222.173.amzn1.x86_64
    glibc-debuginfo-common-2.17-222.173.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1017.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

3) Infinite loop

EUVDB-ID: #VU12268

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2014-9402

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the nss_dns implementation of getnetbyname due to infinite loop when the DNS backend in the Name Service Switch configuration is enabled. A remote attacker can send a positive answer while a network name is being process and cause the service to crash.

Mitigation

Update the affected packages.

i686:
    glibc-debuginfo-common-2.17-222.173.amzn1.i686
    glibc-static-2.17-222.173.amzn1.i686
    glibc-debuginfo-2.17-222.173.amzn1.i686
    glibc-2.17-222.173.amzn1.i686
    glibc-devel-2.17-222.173.amzn1.i686
    glibc-utils-2.17-222.173.amzn1.i686
    nscd-2.17-222.173.amzn1.i686
    glibc-headers-2.17-222.173.amzn1.i686
    glibc-common-2.17-222.173.amzn1.i686

src:
    glibc-2.17-222.173.amzn1.src

x86_64:
    nscd-2.17-222.173.amzn1.x86_64
    glibc-common-2.17-222.173.amzn1.x86_64
    glibc-utils-2.17-222.173.amzn1.x86_64
    glibc-debuginfo-2.17-222.173.amzn1.x86_64
    glibc-2.17-222.173.amzn1.x86_64
    glibc-static-2.17-222.173.amzn1.x86_64
    glibc-devel-2.17-222.173.amzn1.x86_64
    glibc-headers-2.17-222.173.amzn1.x86_64
    glibc-debuginfo-common-2.17-222.173.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1017.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU11546

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15804

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the glob function in glob.c due to buffer overflow during unescaping of user names with the ~ operator. A remote attacker can trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected packages.

i686:
    glibc-debuginfo-common-2.17-222.173.amzn1.i686
    glibc-static-2.17-222.173.amzn1.i686
    glibc-debuginfo-2.17-222.173.amzn1.i686
    glibc-2.17-222.173.amzn1.i686
    glibc-devel-2.17-222.173.amzn1.i686
    glibc-utils-2.17-222.173.amzn1.i686
    nscd-2.17-222.173.amzn1.i686
    glibc-headers-2.17-222.173.amzn1.i686
    glibc-common-2.17-222.173.amzn1.i686

src:
    glibc-2.17-222.173.amzn1.src

x86_64:
    nscd-2.17-222.173.amzn1.x86_64
    glibc-common-2.17-222.173.amzn1.x86_64
    glibc-utils-2.17-222.173.amzn1.x86_64
    glibc-debuginfo-2.17-222.173.amzn1.x86_64
    glibc-2.17-222.173.amzn1.x86_64
    glibc-static-2.17-222.173.amzn1.x86_64
    glibc-devel-2.17-222.173.amzn1.x86_64
    glibc-headers-2.17-222.173.amzn1.x86_64
    glibc-debuginfo-common-2.17-222.173.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1017.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory corruption

EUVDB-ID: #VU11544

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15670

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code with elevated privileges on the target system.

The weakness exists in the glob function in glob.c due to off-by-one error. A remote attacker can trigger heap-based buffer overflow and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected packages.

i686:
    glibc-debuginfo-common-2.17-222.173.amzn1.i686
    glibc-static-2.17-222.173.amzn1.i686
    glibc-debuginfo-2.17-222.173.amzn1.i686
    glibc-2.17-222.173.amzn1.i686
    glibc-devel-2.17-222.173.amzn1.i686
    glibc-utils-2.17-222.173.amzn1.i686
    nscd-2.17-222.173.amzn1.i686
    glibc-headers-2.17-222.173.amzn1.i686
    glibc-common-2.17-222.173.amzn1.i686

src:
    glibc-2.17-222.173.amzn1.src

x86_64:
    nscd-2.17-222.173.amzn1.x86_64
    glibc-common-2.17-222.173.amzn1.x86_64
    glibc-utils-2.17-222.173.amzn1.x86_64
    glibc-debuginfo-2.17-222.173.amzn1.x86_64
    glibc-2.17-222.173.amzn1.x86_64
    glibc-static-2.17-222.173.amzn1.x86_64
    glibc-devel-2.17-222.173.amzn1.x86_64
    glibc-headers-2.17-222.173.amzn1.x86_64
    glibc-debuginfo-common-2.17-222.173.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1017.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Spoofing attack

EUVDB-ID: #VU12270

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-12132

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack and write arbitrary files on the target system.

The weakness exists in the DNS stub resolver due to soliciting large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation, when EDNS support is enabled. A remote attacker can write arbitrary files.

Mitigation

Update the affected packages.

i686:
    glibc-debuginfo-common-2.17-222.173.amzn1.i686
    glibc-static-2.17-222.173.amzn1.i686
    glibc-debuginfo-2.17-222.173.amzn1.i686
    glibc-2.17-222.173.amzn1.i686
    glibc-devel-2.17-222.173.amzn1.i686
    glibc-utils-2.17-222.173.amzn1.i686
    nscd-2.17-222.173.amzn1.i686
    glibc-headers-2.17-222.173.amzn1.i686
    glibc-common-2.17-222.173.amzn1.i686

src:
    glibc-2.17-222.173.amzn1.src

x86_64:
    nscd-2.17-222.173.amzn1.x86_64
    glibc-common-2.17-222.173.amzn1.x86_64
    glibc-utils-2.17-222.173.amzn1.x86_64
    glibc-debuginfo-2.17-222.173.amzn1.x86_64
    glibc-2.17-222.173.amzn1.x86_64
    glibc-static-2.17-222.173.amzn1.x86_64
    glibc-devel-2.17-222.173.amzn1.x86_64
    glibc-headers-2.17-222.173.amzn1.x86_64
    glibc-debuginfo-common-2.17-222.173.amzn1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

External links

http://alas.aws.amazon.com/ALAS-2018-1017.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Risk	High
Patch available	YES
Number of vulnerabilities	6
CVE-ID	CVE-2015-5180 CVE-2018-1000001 CVE-2014-9402 CVE-2017-15804 CVE-2017-15670 CVE-2017-12132
CWE-ID	CWE-476 CWE-124 CWE-835 CWE-120 CWE-119 CWE-451
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #2 is available.
Vulnerable software Subscribe	Amazon Linux AMI Operating systems & Components / Operating system
Vendor	Amazon Web Services