CVE-2017-16997

Name of the Vulnerable Software and Affected Versions GNU C Library versions 2.19 through 2.26

Description The issue is related to the fillin rpath and decompose rpath functions in the GNU C Library, which mishandle RPATH and RUNPATH containing $ORIGIN for privileged programs. This allows a local user to gain privileges via a Trojan horse library in the current working directory. The problem is associated with the misinterpretation of an empty RPATH/RUNPATH token as the "./" directory. It is noted that this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon.

Recommendations For GNU C Library versions 2.19 through 2.26, consider restricting the use of the fillin rpath and decompose rpath functions until a patch is available. As a temporary workaround, avoid using RPATH and RUNPATH containing $ORIGIN for privileged programs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.