Main Vulnerability Database Vulnerabilities #VU13234

Privilege escalation in Glibc - CVE-2017-18269

Published: June 8, 2018 / Updated: June 8, 2018

Vulnerability identifier: #VU13234

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-18269

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: GNU

Affected software:
Glibc

Detailed vulnerability description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to an SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. A remote unauthenticated attacker can trigger memory corruption and disclose arbitrary files, cause the application to crash or possibly execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2017-18269

Install update from vendor's website.

Sources

https://github.com/fingolfin/memmove-bug

Privilege escalation in Glibc - CVE-2017-18269

Detailed vulnerability description

How to mitigate CVE-2017-18269

Sources

Please verify you're human