Vulnerability identifier: #VU26628
Vulnerability risk: High
Exploitation vector: Local
Exploit availability: No
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the glob() function in glibc in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username are affected by this issue. A local user can create a specially crafted path that, when processed by the glob() function, would potentially lead to arbitrary code execution.
Install updates from vendor's website.
Vulnerable software versions
Glibc: 2.14.1 - 2.30
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?