Описание
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
Отчет
This vulnerability affected the glibc package on Red Hat Enterprise Linux 7.4, however it can only be exploited when mount namespaces owned by user namespaces are enabled, which requires manually configuring a kernel parameter and sysctl that are not enabled by default. Please see the Bugzilla link for more details. This vulnerability affects glibc on Red Hat Enterprise Linux 6. However the kernel included in Red Hat Enterprise Linux 6 does not violate glibc's assumption about the behaviour of getcwd(), so this vulnerability can not be exploited when running with the default kernel. Red Hat Enterprise Linux 6 containers may be vulnerable when running on a host with kernel 2.6.36 or greater.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | compat-glibc | Not affected | ||
| Red Hat Enterprise Linux 5 | glibc | Not affected | ||
| Red Hat Enterprise Linux 6 | compat-glibc | Not affected | ||
| Red Hat Enterprise Linux 6 | glibc | Will not fix | ||
| Red Hat Enterprise Linux 7 | compat-glibc | Not affected | ||
| Red Hat Enterprise Linux 8 | glibc | Not affected | ||
| Red Hat Enterprise Linux 7 | glibc | Fixed | RHSA-2018:0805 | 10.04.2018 |
Показывать по
Дополнительная информация
Статус:
EPSS
7 High
CVSS3
Связанные уязвимости
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
In glibc 2.26 and earlier there is confusion in the usage of getcwd() ...
EPSS
7 High
CVSS3