Описание
Improper Input Validation in libseccomp-golang
libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2017-18367
- https://github.com/seccomp/libseccomp-golang/issues/22
- https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e
- https://access.redhat.com/errata/RHSA-2019:4087
- https://access.redhat.com/errata/RHSA-2019:4090
- https://lists.debian.org/debian-lts-announce/2020/08/msg00016.html
- https://usn.ubuntu.com/4574-1
- http://www.openwall.com/lists/oss-security/2019/04/25/6
Пакеты
github.com/seccomp/libseccomp-golang
< 0.9.1
0.9.1
Связанные уязвимости
libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument.
libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument.
libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument.
libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR ...
Уязвимость программного обеспечения libseccomp-golang, связанная с недостатком механизма проверки вводимых данных, позволяющая нарушителю оказать воздействие на целостность данных