- Description
- elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretation of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.
- Source
- security@debian.org
- NVD status
- Analyzed
CVSS 3.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 9.3
- Impact score
- 10
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:C/I:C/A:C
- nvd@nist.gov
- CWE-426
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:glibc:2.19:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1829B291-7B55-4B4A-9CA4-8784932935B8"
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D625EEF2-DB23-4DFE-AF1C-BEE2DD38C54D"
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.21:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "47C2E388-06A8-4AD0-9511-749FD10D2936"
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.22:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8DB1928D-6A44-4B2D-A9BB-4656AF47317B"
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.23:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "32938018-220F-4444-984C-2D0CACFAAD04"
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.25:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "36AD162E-4C9C-48A5-B2BF-9C0B4BDD5822"
},
{
"criteria": "cpe:2.3:a:gnu:glibc:2.26:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7B1B17E4-66FB-48F1-A417-2B502955257A"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"
}
],
"operator": "OR"
}
]
}
]