SB2020070619 - Ubuntu update for glibc
Published: July 6, 2020 Updated: April 23, 2025
Description
This security bulletin contains information about 11 security vulnerabilities.
1) Use-after-free error (CVE-ID: CVE-2017-12133)
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The weakness exists because the DNS stub resolver, when EDNS support is enabled, solicits large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. A remote attacker can trigger a use-after-free and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
2) Privilege escalation (CVE-ID: CVE-2017-18269)
The vulnerability allows a remote attacker to gain elevated privileges on the target system.
The vulnerability exists because an SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. A remote unauthenticated attacker can trigger memory corruption and disclose arbitrary files, cause the application to crash or possibly execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
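The condition described for CVE-2017-18269 can be modelled in a few lines of C. This is an added illustration, not glibc's assembly: the window base, the function names and the choice of a signed address comparison as the model of the flawed check are assumptions made here to show why a source range spanning 0x80000000 yields a corrupted copy.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 128-byte window standing in for 32-bit addresses
   0x7fffffc0..0x8000003f, i.e. straddling the middle of the address space. */
#define WIN_BASE 0x7fffffc0u
#define WIN_SIZE 128u
static unsigned char win[WIN_SIZE];

/* Assumed model of the flaw: addresses compared as signed integers. */
static int backward_signed(uint32_t dst, uint32_t src) {
    return (int32_t)dst > (int32_t)src;
}

/* Correct form: addresses compared as unsigned integers. */
static int backward_unsigned(uint32_t dst, uint32_t src) {
    return dst > src;
}

/* Copy n bytes in the chosen direction; return 1 if the result matches memmove. */
static int copy_is_correct(uint32_t dst, uint32_t src, uint32_t n, int use_signed) {
    unsigned char expect[WIN_SIZE];
    unsigned char *d = win + (dst - WIN_BASE), *s = win + (src - WIN_BASE);
    for (uint32_t i = 0; i < WIN_SIZE; i++) win[i] = expect[i] = (unsigned char)i;
    memmove(expect + (dst - WIN_BASE), expect + (src - WIN_BASE), n);

    int backward = use_signed ? backward_signed(dst, src) : backward_unsigned(dst, src);
    if (backward)
        for (uint32_t i = n; i-- > 0;) d[i] = s[i];   /* high to low */
    else
        for (uint32_t i = 0; i < n; i++) d[i] = s[i]; /* low to high */
    return memcmp(win, expect, WIN_SIZE) == 0;
}

int main(void) {
    /* Source 0x7ffffff0..0x8000000f spans 0x80000000; destination overlaps it. */
    printf("signed check:   %s\n",
           copy_is_correct(0x80000000u, 0x7ffffff0u, 0x20, 1) ? "ok" : "corrupt");
    printf("unsigned check: %s\n",
           copy_is_correct(0x80000000u, 0x7ffffff0u, 0x20, 0) ? "ok" : "corrupt");
    return 0;
}
```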
3) Memory corruption (CVE-ID: CVE-2018-11236)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists in the stdlib/canonicalize.c source code in the GNU glibc library due to improper processing of long pathname arguments to the realpath function. A local unauthenticated attacker can send long pathname arguments to a targeted system that is using 32-bit architecture, trigger an integer overflow condition that can lead to a stack-based buffer overflow condition and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Buffer overflow (CVE-ID: CVE-2018-11237)
The vulnerability allows a local attacker to gain elevated privileges on the target system. The weakness exists because an AVX-512-optimized implementation of the mempcpy function may write data beyond the target buffer. A local attacker can trigger a buffer overflow in __mempcpy_avx512_no_vzeroupper and execute arbitrary code with elevated privileges.
5) Resource exhaustion (CVE-ID: CVE-2018-19591)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists due to an invalid 'ifname' parameter to __if_nametoindex() in 'sysdeps/unix/sysv/linux/if_index.c'. A remote attacker can invoke a call to the getaddrinfo() function with a 'node' parameter, consume excessive memory and cause the service to crash.
6) Integer overflow (CVE-ID: CVE-2018-6485)
The vulnerability allows a remote attacker to gain elevated privileges on the target system. The weakness exists in the implementation of posix_memalign in the memalign functions due to an integer overflow that causes these functions to return a pointer to a heap area that is too small. A remote attacker can trigger memory corruption and gain root privileges.
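The arithmetic behind this class of bug (CVE-2018-6485) can be shown with a size guard placed in front of posix_memalign. This is an added example, not glibc's code: MODEL_OVERHEAD and the function names are assumptions standing in for the padding an aligned allocator adds internally to the requested size.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed bookkeeping overhead for this model (not glibc's real constant). */
#define MODEL_OVERHEAD 32u

/* Naive padded request: wraps modulo SIZE_MAX + 1 for very large sizes,
   so the allocator would reserve far less than the caller asked for. */
static size_t padded_unchecked(size_t size, size_t alignment) {
    return size + alignment + MODEL_OVERHEAD;
}

/* Checked padded request: 0 on success, ENOMEM if the sum would wrap. */
static int padded_checked(size_t size, size_t alignment, size_t *out) {
    if (alignment > SIZE_MAX - MODEL_OVERHEAD) return ENOMEM;
    size_t pad = alignment + MODEL_OVERHEAD;
    if (size > SIZE_MAX - pad) return ENOMEM;
    *out = size + pad;
    return 0;
}

/* Guard: refuse requests whose padded size cannot be represented,
   then defer to the C library allocator. */
static int guarded_memalign(void **ptr, size_t alignment, size_t size) {
    size_t padded;
    int rc = padded_checked(size, alignment, &padded);
    if (rc != 0) { *ptr = NULL; return rc; }
    return posix_memalign(ptr, alignment, size);
}

int main(void) {
    void *p = NULL;
    size_t huge = SIZE_MAX - 40;  /* constructed request near the top of size_t */
    printf("unchecked padded size: %zu\n", padded_unchecked(huge, 64));
    printf("guarded huge request:  %d\n", guarded_memalign(&p, 64, huge));
    printf("guarded 1000 bytes:    %d\n", guarded_memalign(&p, 64, 1000));
    free(p);
    return 0;
}
```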
7) Information disclosure (CVE-ID: CVE-2019-19126)
The vulnerability allows a local authenticated user to gain access to sensitive information.
On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program.
8) Out-of-bounds read (CVE-ID: CVE-2019-9169)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack or gain access to sensitive information.
The vulnerability exists due to a heap-based buffer over-read via an attempted case-insensitive regular-expression match. A remote attacker can perform a denial of service attack or gain access to sensitive information.
9) Stack-based buffer overflow (CVE-ID: CVE-2020-10029)
The vulnerability allows an attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within "sysdeps/ieee754/ldbl-96/e_rem_pio2l.c" in GNU C Library (aka glibc or libc6). An attacker can pass specially crafted input to the application and trigger a stack-based buffer overflow.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system or denial of service conditions.
10) Out-of-bounds write (CVE-ID: CVE-2020-1751)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error in the "backtrace" function when handling signal trampolines on PowerPC. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
11) Use-after-free (CVE-ID: CVE-2020-1752)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the glob() function in glibc in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username are affected by this issue. A local user can create a specially crafted path that, when processed by the glob() function, would potentially lead to arbitrary code execution.
Remediation
Install updates from the vendor's website.