UbuntuUSN-3534-1GNU C Library vulnerabilities
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.005 Low
EPSS
Percentile
76.7%
Releases
- Ubuntu 17.10
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Packages
- eglibc - GNU C Library
- glibc - GNU C Library
Details
It was discovered that the GNU C library did not properly handle all of
the possible return values from the kernel getcwd(2) syscall. A local
attacker could potentially exploit this to execute arbitrary code in setuid
programs and gain administrative privileges. (CVE-2018-1000001)
A memory leak was discovered in the _dl_init_paths() function in the GNU
C library dynamic loader. A local attacker could potentially exploit this
with a specially crafted value in the LD_HWCAP_MASK environment variable,
in combination with CVE-2017-1000409 and another vulnerability on a system
with hardlink protections disabled, in order to gain administrative
privileges. (CVE-2017-1000408)
A heap-based buffer overflow was discovered in the _dl_init_paths()
function in the GNU C library dynamic loader. A local attacker could
potentially exploit this with a specially crafted value in the
LD_LIBRARY_PATH environment variable, in combination with CVE-2017-1000408
and another vulnerability on a system with hardlink protections disabled,
in order to gain administrative privileges. (CVE-2017-1000409)
An off-by-one error leading to a heap-based buffer overflow was discovered
in the GNU C library glob() implementation. An attacker could potentially
exploit this to cause a denial of service or execute arbitrary code via a
maliciously crafted pattern. (CVE-2017-15670)
A heap-based buffer overflow was discovered during unescaping of user names
with the ~ operator in the GNU C library glob() implementation. An attacker
could potentially exploit this to cause a denial of service or execute
arbitrary code via a maliciously crafted pattern. (CVE-2017-15804)
It was discovered that the GNU C library dynamic loader mishandles RPATH
and RUNPATH containing $ORIGIN for privileged (setuid or AT_SECURE)
programs. A local attacker could potentially exploit this by providing a
specially crafted library in the current working directory in order to
gain administrative privileges. (CVE-2017-16997)
It was discovered that the GNU C library malloc() implementation could
return a memory block that is too small if an attempt is made to allocate
an object whose size is close to SIZE_MAX, resulting in a heap-based
overflow. An attacker could potentially exploit this to cause a denial of
service or execute arbitrary code. This issue only affected Ubuntu 17.10.
(CVE-2017-17426)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 17.10 | noarch | libc6 | < 2.26-0ubuntu2.1 | UNKNOWN |
| Ubuntu | 17.10 | noarch | glibc-doc | < 2.26-0ubuntu2.1 | UNKNOWN |
| Ubuntu | 17.10 | noarch | glibc-source | < 2.26-0ubuntu2.1 | UNKNOWN |
| Ubuntu | 17.10 | noarch | libc-bin | < 2.26-0ubuntu2.1 | UNKNOWN |
| Ubuntu | 17.10 | noarch | libc-bin-dbgsym | < 2.26-0ubuntu2.1 | UNKNOWN |
| Ubuntu | 17.10 | noarch | libc-dev-bin | < 2.26-0ubuntu2.1 | UNKNOWN |
| Ubuntu | 17.10 | noarch | libc-dev-bin-dbgsym | < 2.26-0ubuntu2.1 | UNKNOWN |
| Ubuntu | 17.10 | noarch | libc6-dbg | < 2.26-0ubuntu2.1 | UNKNOWN |
| Ubuntu | 17.10 | noarch | libc6-dev | < 2.26-0ubuntu2.1 | UNKNOWN |
| Ubuntu | 17.10 | noarch | libc6-dev-i386 | < 2.26-0ubuntu2.1 | UNKNOWN |
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.005 Low
EPSS
Percentile
76.7%