#VU17105 Input validation error in Glibc


Published: 2019-01-22

Vulnerability identifier: #VU17105

Vulnerability risk: Low

CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-10739

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Glibc
Universal components / Libraries / Libraries used by multiple products

Vendor: GNU

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to the getaddrinfo() function accepts an IPv4 address followed by whitespace and arbitrary characters and treats his input as a correct IPv4 address. Software that accepts input from the getaddrinfo() function may incorrectly assume that the function return IPv4 address only. As a result, a remote attacker can inject arbitrary data into the IPv4 address and change application's behavior that relies on getaddrinfo() output (e.g., inject HTTP headers or other potentially dangerous strings).


Mitigation
Install updates from vendor's repository. This vulnerability will be fixed in the upcoming glibc release 2.29.

Vulnerable software versions

Glibc: 1.00 - 2.28

External links
http://bugzilla.redhat.com/show_bug.cgi?id=1347549
http://sourceware.org/bugzilla/show_bug.cgi?id=20018

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Netcool Operations Insight
Multiple vulnerabilities in IBM Robotic Process Automation for Cloud Pak
SUSE update for glibc
Amazon Linux AMI update for python34, python35
Amazon Linux AMI update for python36
Amazon Linux AMI update for glibc
Red Hat update for glibc
Red Hat update for glibc
OpenSUSE Linux update for glibc
Security restrictions bypass in Glibc getaddrinfo()