CVE-2018-1000001

Current Description

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.

Basic Data

Published: January 31, 2018
Last Modified: October 03, 2019
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-787
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 7.2
Severity: HIGH
Exploitability Score: 3.9
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

CVSS 3 - Version: 3.0
CVSS 3 - Vector String: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 3 - Attack Vector: LOCAL
CVSS 3 - Attack Complexity: LOW
CVSS 3 - Privileges Required: LOW
CVSS 3 - User Interaction: NONE
CVSS 3 - Scope: UNCHANGED
CVSS 3 - Confidentiality Impact: HIGH
CVSS 3 - Integrity Impact: HIGH
CVSS 3 - Availability Impact: HIGH
CVSS 3 - Base Score: 7.8
CVSS 3 - Base Severity: HIGH
Exploitability Score: 1.8
Base Severity: HIGH

Configurations

  • OR - Configuration 1
    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | Application | Gnu | Glibc | * | * | * | * | * | * | * | * |  | 2.26 |  |  |
  • OR - Configuration 2
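    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | OS | Canonical | Ubuntu Linux | 12.04 | * | * | * | esm | * | * | * |  |  |  |  |
    | 2.3 | OS | Canonical | Ubuntu Linux | 14.04 | * | * | * | lts | * | * | * |  |  |  |  |
    | 2.3 | OS | Canonical | Ubuntu Linux | 16.04 | * | * | * | lts | * | * | * |  |  |  |  |
    | 2.3 | OS | Canonical | Ubuntu Linux | 17.10 | * | * | * | * | * | * | * |  |  |  |  |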
  • OR - Configuration 3
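    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | Application | Redhat | Virtualization Host | 4.0 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux Desktop | 7.0 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux Server | 7.0 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux Server Aus | 7.6 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux Server Eus | 7.6 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux Server Tus | 7.6 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | OS | Redhat | Enterprise Linux Workstation | 7.0 | * | * | * | * | * | * | * |  |  |  |  |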

Vulnerable Software List

| Vendor | Product | Versions |
| Canonical | Ubuntu Linux | 12.04, 14.04, 16.04, 17.10 |
| Redhat | Enterprise Linux Workstation | 7.0 |
| Redhat | Virtualization Host | 4.0 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Server Aus | 7.6 |
| Redhat | Enterprise Linux Server Tus | 7.6 |
| Redhat | Enterprise Linux Server Eus | 7.6 |
| Redhat | Enterprise Linux Server | 7.0 |
| Gnu | Glibc | * |

References

| Name | Source | URL | Tags |
| [oss-security] 20180111 Libc Realpath Buffer Underflow CVE-2018-1000001 | MLIST | http://seclists.org/oss-sec/2018/q1/38 | Mailing List, Third Party Advisory |
| 102525 | BID | http://www.securityfocus.com/bid/102525 | Third Party Advisory, VDB Entry |
| 1040162 | SECTRACK | http://www.securitytracker.com/id/1040162 | Third Party Advisory, VDB Entry |
| RHSA-2018:0805 | REDHAT | https://access.redhat.com/errata/RHSA-2018:0805 | Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20190404-0003/ | CONFIRM | https://security.netapp.com/advisory/ntap-20190404-0003/ |  |
| USN-3534-1 | UBUNTU | https://usn.ubuntu.com/3534-1/ | Third Party Advisory |
| USN-3536-1 | UBUNTU | https://usn.ubuntu.com/3536-1/ | Third Party Advisory |
| 43775 | EXPLOIT-DB | https://www.exploit-db.com/exploits/43775/ | Exploit, Third Party Advisory, VDB Entry |
| 44889 | EXPLOIT-DB | https://www.exploit-db.com/exploits/44889/ | Exploit, Third Party Advisory, VDB Entry |
| https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/ | MISC | https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/ | Third Party Advisory |