Ticket #1185 (new task)

Opened 6 months ago

Last modified 6 months ago

GLIBC 2.26 GLOB_TILDE exploit

Reported by: kb0iic Owned by: clfs-commits@…
Priority: critical Milestone: CLFS Standard 3.1.0
Component: BOOK Version: CLFS Standard GIT
Keywords: glibc glob tilde exploit Cc: berzerkula@…, jonathan@…, chris@…, cross-lfs@…


Major vulnerability

Refer to the following URLs (CVE-2017-15670, CVE-2017-15671, CVE-2017-15804):

Attached a patch for GLIBC 2.26 until 2.27 is released.

With the patch, not running a patched glibc on the system:

  • FAIL: posix/tst-glob-tilde
  • FAIL: posix/tst-glob-tilde-mem

Didn't expect signal from child: got `Aborted'

Memory not freed:
           Address     Size     Caller
0x00007f6d0f2a4010  0x7a131  at 0x402c8d
0x00007f6d10ccd8e0  0x1869a  at 0x7f6d0edf4ab5
0x00007f6d10cfbc90  0x18694  at 0x7f6d0edf4ab5
0x00007f6d10d14330  0x1869b  at 0x7f6d0edf4ab5
0x00007f6d10d39180  0x18695  at 0x7f6d0edf4ab5
0x00007f6d10d69ec0  0x18696  at 0x7f6d0edf4ab5
0x00007f6d10d82560  0x186a0  at 0x7f6d0ed8e6f7
0x00007f6d10d9ac10  0x1869c  at 0x7f6d0edf4ab5


glibc-2.26-glob_exploit-1.patch (8.5 KB) - added by kb0iic 6 months ago.
GLIBC 2.26 GLOB TILDE exploit fixes
glibc-2.26-glob_fixes-1.patch (82.1 KB) - added by kb0iic 6 months ago.
Updated glob tilde fixes from https://git.launchpad.net/glibc/?h=ibm%2F2.26%2Fmaster

Change History

Changed 6 months ago by kb0iic

GLIBC 2.26 GLOB TILDE exploit fixes

comment:1 Changed 6 months ago by kb0iic

Updated the patch with the latest glob changes in glibc 2.26 master, which is effectively 2.26.1 now if you look at the NEWS file.

  • PASS: posix/tst-glob-tilde-mem original
    exit status 0
  • PASS: posix/tst-glob-tilde original
    exit status 0

The attached filename is glibc-2.26-glob_fixes-1.patch

Changed 6 months ago by kb0iic
