Improper input validation in libseccomp-golang



Published: 2019-04-24 | Updated: 2019-12-17
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2017-18367
CWE-ID CWE-20
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		libseccomp-golang
Universal components / Libraries / Libraries used by multiple products

Vendor The libseccomp Project

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Input validation error

EUVDB-ID: #VU23633

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-18367

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input in libseccomp-golang. The software incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

libseccomp-golang: 0.9.0

External links

http://www.openwall.com/lists/oss-security/2019/04/25/6
http://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e
http://github.com/seccomp/libseccomp-golang/issues/22


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###