PT-2018-1072 · Gnu+5 · Glibc+5

Halfdog

Publicado

2017-12-26

Atualizado

2025-09-29

CVE-2018-1000001

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions glibc versions 2.26 and earlier

Description The issue arises from the confusion in the usage of getcwd() by realpath() in glibc, leading to a buffer underflow. This can potentially allow for code execution. The vulnerability is caused by the operation exceeding the buffer boundaries in memory. Exploitation of this issue may enable an attacker to execute arbitrary code using a specially crafted SUID file.

Recommendations For glibc versions 2.26 and earlier, consider updating to a version later than 2.26 to resolve the issue. As a temporary workaround, restrict the use of SUID files to minimize the risk of exploitation.

Exploit

Correção

Buffer Overflow

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-787

Identificadores relacionados

ALSA-2021_1585

ALSA-2022_0825

ALSA-2024_2722

ALSA-2024_3269

ALSA-2024_3339

ALSA-2025_16880

ALT-PU-2017-2833

ALT-PU-2018-1034

BDU:2018-00415

CESA-2018_0805

CVE-2018-1000001

ELSA-2018-0805

MGASA-2018-0096

MGASA-2018-0098

OPENSUSE-SU-2018_0089-1

OPENSUSE-SU-2018_0494-1

OPENSUSE-SU-2024:10792-1

RHSA-2018:0805

RHSA-2018_0805

SUSE-SU-2018:0071-1

SUSE-SU-2018:0074-1

SUSE-SU-2018:0075-1

SUSE-SU-2018:0076-1

SUSE-SU-2018:0451-1

SUSE-SU-2018:0565-1

SUSE-SU-2018:2187-1

SUSE-SU-2018_0071-1

SUSE-SU-2018_0074-1

SUSE-SU-2018_0075-1

SUSE-SU-2018_0076-1

SUSE-SU-2018_0451-1

SUSE-SU-2018_0565-1

SUSE-SU-2018_2187-1

USN-3534-1

USN-3536-1

USN-4768-1

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Glibc

PT-2018-1072 · Gnu+5 · Glibc+5

CVE-2018-1000001

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 122