Risk | High |
Patch available | YES |
Number of vulnerabilities | 7 |
CVE-ID | CVE-2017-1000408 CVE-2017-1000409 CVE-2017-15670 CVE-2017-15671 CVE-2017-15804 CVE-2017-16997 CVE-2018-1000001 |
CWE-ID | CWE-401 CWE-119 CWE-120 CWE-427 CWE-124 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #7 is available. |
Vulnerable software | SUSE Linux (Operating systems & Components / Operating system) |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
EUVDB-ID: #VU37574
Risk: Medium
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2017-1000408
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a memory leak in glibc 2.1.1 (released on May 24, 1999) that can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366. A remote attacker can perform a denial of service attack.
Mitigation
Update the affected packages.
SUSE Linux: 12
External links
https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00037.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU37575
Risk: Low
CVSSv4.0: 6.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2017-1000409
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
Description
The vulnerability allows a local authenticated user to execute arbitrary code.
A buffer overflow in glibc 2.5 (released on September 29, 2006) can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.
Mitigation
Update the affected packages.
SUSE Linux: 12
External links
https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00037.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU11544
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-15670
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code with elevated privileges on the target system.
The weakness exists in the glob function in glob.c due to an off-by-one error. A remote attacker can trigger a heap-based buffer overflow and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
Mitigation
Update the affected packages.
SUSE Linux: 12
External links
https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00037.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11545
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-15671
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in the glob function in glob.c because it skips freeing allocated memory when processing the ~ operator with a long user name when invoked with GLOB_TILDE. A remote attacker can trigger memory corruption and cause the service to crash.
Mitigation
Update the affected packages.
SUSE Linux: 12
External links
https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00037.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11546
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-15804
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists in the glob function in glob.c due to a buffer overflow during unescaping of user names with the ~ operator. A remote attacker can trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Mitigation
Update the affected packages.
SUSE Linux: 12
External links
https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00037.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU11547
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-16997
CWE-ID:
CWE-427 - Uncontrolled Search Path Element
Exploit availability: No
Description
The vulnerability allows a local attacker to compromise the vulnerable system.
The weakness exists in elf/dl-load.c due to an insecure .dll loading mechanism when opening files. A local attacker can place a file along with a specially crafted .dll file on a remote SMB or WebDAV share and execute arbitrary code on the target system with elevated privileges.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Update the affected packages.
SUSE Linux: 12
External links
https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00037.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9992
Risk: Low
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2018-1000001
CWE-ID:
CWE-124 - Buffer Underwrite ('Buffer Underflow')
Exploit availability: Yes
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to a change in the processing of pathnames in the getcwd() system call introduced in the Linux kernel. A local attacker can use a specially crafted application, trigger a buffer underflow in the __realpath() function in 'stdlib/canonicalize.c' and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
Mitigation
Update the affected packages.
SUSE Linux: 12
External links
https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00037.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.