CVE-2019-1010023 - Unspecified vulnerability in GNU Glibc
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Summary
GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may elevate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd executes code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."
Nessus
NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2020-1152.NASL
description: According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may elevate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd executes code. (CVE-2019-1010023)
- ** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by
last seen: 2020-05-03
modified: 2020-02-25
plugin id: 133986
published: 2020-02-25
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/133986
title: EulerOS 2.0 SP8 : glibc (EulerOS-SA-2020-1152)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2020-1102.NASL
description: According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- ** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by
last seen: 2020-05-06
modified: 2020-02-24
plugin id: 133903
published: 2020-02-24
reporter: This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/133903
title: EulerOS 2.0 SP5 : glibc (EulerOS-SA-2020-1102)
References
- http://www.securityfocus.com/bid/109167
- https://security-tracker.debian.org/tracker/CVE-2019-1010023
- https://sourceware.org/bugzilla/show_bug.cgi?id=22851
- https://support.f5.com/csp/article/K11932200?utm_source=f5support&utm_medium=RSS
- https://ubuntu.com/security/CVE-2019-1010023