CVE-2017-1000409

Related Files

Ubuntu Security Notice USN-3534-1

Posted Jan 17, 2018

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3534-1 - It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges. A memory leak was discovered in the _dl_init_paths function in the GNU C library dynamic loader. A local attacker could potentially exploit this with a specially crafted value in the LD_HWCAP_MASK environment variable, in combination with CVE-2017-1000409 and another vulnerability on a system with hardlink protections disabled, in order to gain administrative privileges. Various other issues were also addressed.

tags | advisory, arbitrary, kernel, local, memory leak

systems | linux, ubuntu

advisories | CVE-2017-1000408, CVE-2017-1000409, CVE-2017-15670, CVE-2017-15804, CVE-2017-16997, CVE-2017-17426, CVE-2018-1000001

SHA-256 | b93b27e39dcc8e45fb3868d7d816bfc00ea67297dafc2734a0cec988cd371f26

Download | Favorite | View

Qualys Security Advisory - GNU C Library Memory Leak / Buffer Overflow

Posted Dec 13, 2017

Authored by Qualys Security Advisory

Qualys has discovered a memory leak and a buffer overflow in the dynamic loader (ld.so) of the GNU C Library (glibc).

tags | exploit, overflow, memory leak

advisories | CVE-2017-1000408, CVE-2017-1000409

SHA-256 | ab2ee457cd217c4af1e191968f48de6c5ef96258d1fcf05193b1e417d462e8ef

Download | Favorite | View