SB2018052404 - Privilege escalation in GNU Glibc

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Memory corruption (CVE-ID: CVE-2018-11236)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists in the stdlib/canonicalize.c source code in the GNU glibc library due to improper processing of long pathname arguments to the realpath function. A local unauthenticated attacker can send long pathname arguments to a targeted system that is using 32-bit architecture, trigger an integer overflow condition that can lead to stack-based buffer overflow condition and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Buffer overflow (CVE-ID: CVE-2018-11237)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to an AVX-512-optimized implementation of the mempcpy function may write data beyond the target buffer. A local attacker can trigger buffer overflow in __mempcpy_avx512_no_vzeroupper and execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

References

• https://sourceware.org/bugzilla/show_bug.cgi?id=22786
• https://sourceware.org/git/gitweb.cgi?p=glibc.git&h=5460617d1567657621107d895ee2dd83bc1f88f2
• https://sourceware.org/ml/libc-alpha/2018-05/msg00713.html