CVE-2018-11237 - Out-of-bounds Write vulnerability in multiple products
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | LOW |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.
Exploit-Db
description | GNU glibc < 2.27 - Local Buffer Overflow. CVE-2018-11237. Local exploit for Linux platform |
id | EDB-ID:44750 |
last seen | 2018-05-24 |
modified | 2018-05-24 |
published | 2018-05-24 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/44750/ |
title | GNU glibc < 2.27 - Local Buffer Overflow |
Nessus
NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2019-422.NASL |
description | This update for glibc fixes the following issues : This security issue was fixed : - Fixed a buffer overwrite issue in memcpy for Knights Landing CPUs (boo#1092877, CVE-2018-11237) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 123183 |
published | 2019-03-27 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/123183 |
title | openSUSE Security Update : glibc (openSUSE-2019-422) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2019-539.NASL |
description | This update for glibc fixes the following security issues : - CVE-2017-18269: An SSE2-optimized memmove implementation for i386 did not correctly perform the overlapping memory check if the source memory range spanned the middle of the address space, resulting in corrupt data being produced by the copy operation. This may have disclosed information to context-dependent attackers, resulted in a denial of service or code execution (bsc#1094150). - CVE-2018-11236: Prevent integer overflow on 32-bit architectures when processing very long pathname arguments to the realpath function, leading to a stack-based buffer overflow (bsc#1094161). - CVE-2018-11237: An AVX-512-optimized implementation of the mempcpy function may have written data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper (bsc#1092877, bsc#1094154). This update was imported from the SUSE:SLE-15:Update update project. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 123228 |
published | 2019-03-27 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/123228 |
title | openSUSE Security Update : glibc (openSUSE-2019-539) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2018-1991-1.NASL |
description | This update for glibc fixes the following security issues : - CVE-2017-18269: An SSE2-optimized memmove implementation for i386 did not correctly perform the overlapping memory check if the source memory range spanned the middle of the address space, resulting in corrupt data being produced by the copy operation. This may have disclosed information to context-dependent attackers, resulted in a denial of service or code execution (bsc#1094150). - CVE-2018-11236: Prevent integer overflow on 32-bit architectures when processing very long pathname arguments to the realpath function, leading to a stack-based buffer overflow (bsc#1094161). - CVE-2018-11237: An AVX-512-optimized implementation of the mempcpy function may have written data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper (bsc#1092877, bsc#1094154). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 120053 |
published | 2019-01-02 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/120053 |
title | SUSE SLED15 / SLES15 Security Update : glibc (SUSE-SU-2018:1991-1) |

NASL family | Huawei Local Security Checks |
NASL id | EULEROS_SA-2019-2030.NASL |
description | According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.(CVE-2016-4429) - Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.(CVE-2015-8982) - The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.(CVE-2014-4043) - res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).(CVE-2015-5180) - A buffer overflow has been discovered in the GNU C Library (aka glibc or libc6) in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code.(CVE-2018-11237) - In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.(CVE-2019-9169) - The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.(CVE-2016-10228) - The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.(CVE-2017-12132) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-05-08 |
modified | 2019-09-24 |
plugin id | 129223 |
published | 2019-09-24 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/129223 |
title | EulerOS 2.0 SP3 : glibc (EulerOS-SA-2019-2030) |

NASL family | Huawei Local Security Checks |
NASL id | EULEROS_SA-2019-2476.NASL |
description | According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.(CVE-2017-12133) - In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings.(CVE-2016-10739) - An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.(CVE-2018-11237) - res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).(CVE-2015-5180) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-05-08 |
modified | 2019-12-04 |
plugin id | 131629 |
published | 2019-12-04 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/131629 |
title | EulerOS 2.0 SP2 : glibc (EulerOS-SA-2019-2476) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2018-1562-1.NASL |
description | This update for glibc fixes the following issues : - CVE-2017-18269: Fix SSE2 memmove issue when crossing 2GB boundary (bsc#1094150) - CVE-2018-11236: Fix overflow in path length computation (bsc#1094161) - CVE-2018-11237: Don |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 110393 |
published | 2018-06-07 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/110393 |
title | SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2018:1562-1) |

NASL family | Amazon Linux Local Security Checks |
NASL id | AL2_ALAS-2018-1131.NASL |
description | A buffer overflow has been discovered in the GNU C Library (aka glibc or libc6) in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code.(CVE-2018-11237) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 119785 |
published | 2018-12-20 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/119785 |
title | Amazon Linux 2 : glibc (ALAS-2018-1131) |

NASL family | PhotonOS Local Security Checks |
NASL id | PHOTONOS_PHSA-2018-2_0-0066.NASL |
description | An update of 'glibc' packages of Photon OS has been released. |
last seen | 2019-02-08 |
modified | 2019-02-07 |
plugin id | 111953 |
published | 2018-08-17 |
reporter | Tenable |
source | https://www.tenable.com/plugins/index.php?view=single&id=111953 |
title | Photon OS 2.0: Glibc PHSA-2018-2.0-0066 (deprecated) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2018-600.NASL |
description | This update for glibc fixes the following issues : This security issue was fixed : - Fixed a buffer overwrite issue in memcpy for Knights Landing CPUs (boo#1092877, CVE-2018-11237) |
last seen | 2020-06-05 |
modified | 2018-06-11 |
plugin id | 110439 |
published | 2018-06-11 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/110439 |
title | openSUSE Security Update : glibc (openSUSE-2018-600) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2018-567.NASL |
description | This update for glibc fixes the following issues : - CVE-2017-18269: Fix SSE2 memmove issue when crossing 2GB boundary (bsc#1094150) - CVE-2018-11236: Fix overflow in path length computation (bsc#1094161) - CVE-2018-11237: Don |
last seen | 2020-06-05 |
modified | 2018-06-08 |
plugin id | 110407 |
published | 2018-06-08 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/110407 |
title | openSUSE Security Update : glibc (openSUSE-2018-567) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2018-916DFE0D86.NASL |
description | This update ensures that valgrind works again without installing glibc debuginfo packages (RHBZ#1570246). It also addresses a security vulnerability in the `mempcpy` implementation for the Intel Xeon Phi processors (CVE-2018-11237, RHBZ#1581275). Furthermore, the switch to libidn2 uses the final upstream patches (RHBZ#1452750). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-05 |
modified | 2019-01-03 |
plugin id | 120618 |
published | 2019-01-03 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/120618 |
title | Fedora 28 : glibc (2018-916dfe0d86) |

NASL family | Huawei Local Security Checks |
NASL id | EULEROS_SA-2019-1667.NASL |
description | According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretation of an empty RPATH/RUNPATH token as the |
last seen | 2020-05-06 |
modified | 2019-06-27 |
plugin id | 126294 |
published | 2019-06-27 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/126294 |
title | EulerOS 2.0 SP5 : glibc (EulerOS-SA-2019-1667) |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2018-3092.NASL |
description | An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es) : * glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries (CVE-2017-16997) * glibc: Integer overflow in posix_memalign in memalign functions (CVE-2018-6485) * glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow (CVE-2018-11236) * glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper (CVE-2018-11237) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 118992 |
published | 2018-11-16 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/118992 |
title | CentOS 7 : glibc (CESA-2018:3092) |

NASL family | Huawei Local Security Checks |
NASL id | EULEROS_SA-2019-1386.NASL |
description | According to the versions of the glibc packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.(CVE-2018-11236) - An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.(CVE-2018-11237) - elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretation of an empty RPATH/RUNPATH token as the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 124889 |
published | 2019-05-14 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/124889 |
title | EulerOS Virtualization for ARM 64 3.0.1.0 : glibc (EulerOS-SA-2019-1386) |

NASL family | PhotonOS Local Security Checks |
NASL id | PHOTONOS_PHSA-2018-2_0-0066_GLIBC.NASL |
description | An update of the glibc package has been released. |
last seen | 2020-03-17 |
modified | 2019-02-07 |
plugin id | 121962 |
published | 2019-02-07 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/121962 |
title | Photon OS 2.0: Glibc PHSA-2018-2.0-0066 |

NASL family | NewStart CGSL Local Security Checks |
NASL id | NEWSTART_CGSL_NS-SA-2019-0040_GLIBC.NASL |
description | The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has glibc packages installed that are affected by multiple vulnerabilities: - An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. (CVE-2018-6485) - elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretation of an empty RPATH/RUNPATH token as the ./ directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. (CVE-2017-16997) - A buffer overflow has been discovered in the GNU C Library (aka glibc or libc6) in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code. (CVE-2018-11237) - stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. (CVE-2018-11236) Note that Nessus has not tested for this issue but has instead relied only on the application |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 127214 |
published | 2019-08-12 |
reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/127214 |
title | NewStart CGSL CORE 5.04 / MAIN 5.04 : glibc Multiple Vulnerabilities (NS-SA-2019-0040) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_SU-2018-1562-2.NASL |
description | This update for glibc fixes the following issues : CVE-2017-18269: Fix SSE2 memmove issue when crossing 2GB boundary (bsc#1094150) CVE-2018-11236: Fix overflow in path length computation (bsc#1094161) CVE-2018-11237: Don |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 118259 |
published | 2018-10-22 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/118259 |
title | SUSE SLES12 Security Update : glibc (SUSE-SU-2018:1562-2) |

NASL family | SuSE Local Security Checks |
NASL id | OPENSUSE-2018-788.NASL |
description | This update for glibc fixes the following security issues : - CVE-2017-18269: An SSE2-optimized memmove implementation for i386 did not correctly perform the overlapping memory check if the source memory range spanned the middle of the address space, resulting in corrupt data being produced by the copy operation. This may have disclosed information to context-dependent attackers, resulted in a denial of service or code execution (bsc#1094150). - CVE-2018-11236: Prevent integer overflow on 32-bit architectures when processing very long pathname arguments to the realpath function, leading to a stack-based buffer overflow (bsc#1094161). - CVE-2018-11237: An AVX-512-optimized implementation of the mempcpy function may have written data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper (bsc#1092877, bsc#1094154). This update was imported from the SUSE:SLE-15:Update update project. |
last seen | 2020-06-05 |
modified | 2018-08-02 |
plugin id | 111501 |
published | 2018-08-02 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/111501 |
title | openSUSE Security Update : glibc (openSUSE-2018-788) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2018-3092.NASL |
description | An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es) : * glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries (CVE-2017-16997) * glibc: Integer overflow in posix_memalign in memalign functions (CVE-2018-6485) * glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow (CVE-2018-11236) * glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper (CVE-2018-11237) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 118527 |
published | 2018-10-31 |
reporter | This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/118527 |
title | RHEL 7 : glibc (RHSA-2018:3092) |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20181030_GLIBC_ON_SL7_X.NASL |
description | Security Fix(es) : - glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries (CVE-2017-16997) - glibc: Integer overflow in posix_memalign in memalign functions (CVE-2018-6485) - glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow (CVE-2018-11236) - glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper (CVE-2018-11237) |
last seen | 2020-03-18 |
modified | 2018-11-27 |
plugin id | 119182 |
published | 2018-11-27 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/119182 |
title | Scientific Linux Security Update : glibc on SL7.x x86_64 (20181030) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2018-C1EF35A4F9.NASL |
description | This update removes a misleading comment from the documentation of the `abort` function (RHBZ#1615608). A minor security vulnerability, CVE-2018-11237, a buffer overflow in mempcpy for Xeon Phi (RHBZ#1581275) has been addressed. The update also fixes the waiters-after-spinning case in the `pthread_cond_broadcast` function (RHBZ#1622669). Two bugs in the CPUID processing on x86 are also fixed (upstream bugs 23456 and 23459). The verification of vtables for stdio is improved (upstream bugs 23236 and 23313). A test case under a non-free license is removed (upstream bug 23363). The `if_nametoindex` now checks the length of interface names (upstream bug 22442). `getifaddrs` no longer returns interfaces with NULL names (upstream bug 23171). C++ compatibility of `iseqsig` has been improved (upstream bug 23171). A kernel header interaction issue related to `struct timespec` was addressed (upstream bug 23349). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-05 |
modified | 2018-09-10 |
plugin id | 117375 |
published | 2018-09-10 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/117375 |
title | Fedora 27 : glibc (2018-c1ef35a4f9) |

NASL family | Amazon Linux Local Security Checks |
NASL id | ALA_ALAS-2018-1109.NASL |
description | A buffer overflow has been discovered in the GNU C Library (aka glibc or libc6) in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code.(CVE-2018-11237) elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretation of an empty RPATH/RUNPATH token as the |
last seen | 2020-06-10 |
modified | 2018-12-07 |
plugin id | 119468 |
published | 2018-12-07 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/119468 |
title | Amazon Linux AMI : glibc (ALAS-2018-1109) |
Packetstorm
data source | https://packetstormsecurity.com/files/download/147870/gnuglibc-overflow.txt |
id | PACKETSTORM:147870 |
last seen | 2018-05-25 |
published | 2018-05-24 |
reporter | Jameel Nabbo |
source | https://packetstormsecurity.com/files/147870/GNU-glibc-Local-Buffer-Overflow.html |
title | GNU glibc Local Buffer Overflow |
References
- https://sourceware.org/bugzilla/show_bug.cgi?id=23196
- http://www.securityfocus.com/bid/104256
- https://www.exploit-db.com/exploits/44750/
- https://access.redhat.com/errata/RHSA-2018:3092
- https://security.netapp.com/advisory/ntap-20190401-0001/
- https://security.netapp.com/advisory/ntap-20190329-0001/
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
- https://access.redhat.com/errata/RHBA-2019:0327
- https://usn.ubuntu.com/4416-1/