Описание
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000001
- https://access.redhat.com/errata/RHSA-2018:0805
- https://security.netapp.com/advisory/ntap-20190404-0003
- https://usn.ubuntu.com/3534-1
- https://usn.ubuntu.com/3536-1
- https://www.exploit-db.com/exploits/43775
- https://www.exploit-db.com/exploits/44889
- https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow
- http://seclists.org/oss-sec/2018/q1/38
- http://www.securityfocus.com/bid/102525
- http://www.securitytracker.com/id/1040162
Связанные уязвимости
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
In glibc 2.26 and earlier there is confusion in the usage of getcwd() ...
