#VU23633 Input validation error in libseccomp-golang - CVE-2017-18367

Cybersecurity Help s.r.o.

Published: 2019-12-17 | Updated: 2019-12-17

Vulnerability identifier: #VU23633

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-18367

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
libseccomp-golang
Universal components / Libraries / Libraries used by multiple products

Vendor: The libseccomp Project

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input in libseccomp-golang. The software incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

libseccomp-golang: 0.9.0

External links
https://www.openwall.com/lists/oss-security/2019/04/25/6
https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e
https://github.com/seccomp/libseccomp-golang/issues/22

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for golang-github-seccomp-libseccomp-golang

Red Hat OpenShift Container Platform 3.11 update for atomic-openshift

Multiple vulnerabilities in OpenShift Container Platform

Improper input validation in libseccomp-golang