CVE-2017-16997

Published: 18/12/2017 Updated: 15/10/2020
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 up to and including 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretation of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.
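An audit check for the configuration described above, added here as an example (it is not code from this page or from glibc): it reads the RPATH/RUNPATH rows of `readelf -d` output and reports the tokens the summary names, that is, entries using $ORIGIN and empty entries. The function names and the sample text are constructed for illustration.

```python
import re

# Matches the RPATH / RUNPATH rows printed by `readelf -d <file>`.
_DYN_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[(.*)\]")


def extract_search_paths(readelf_dynamic_output):
    """Return [(tag, value)] for every RPATH/RUNPATH row in the text."""
    return _DYN_RE.findall(readelf_dynamic_output)


def audit_search_path(value):
    """Return [(index, token, reason)] for risky colon-separated tokens."""
    findings = []
    for index, token in enumerate(value.split(":")):
        if token == "":
            # The summary ties the bug to an empty token read as "./".
            findings.append((index, token, "empty token"))
        elif "$ORIGIN" in token or "${ORIGIN}" in token:
            findings.append((index, token, "uses $ORIGIN"))
    return findings


def audit_readelf_output(readelf_dynamic_output):
    """Return [(tag, index, token, reason)] across all search-path rows."""
    report = []
    for tag, value in extract_search_paths(readelf_dynamic_output):
        for index, token, reason in audit_search_path(value):
            report.append((tag, index, token, reason))
    return report


# Constructed sample: dynamic section of a hypothetical setuid binary.
SAMPLE_RISKY = """\
 0x0000000000000001 (NEEDED)             Shared library: [libdemo.so]
 0x000000000000000f (RPATH)              Library rpath: [$ORIGIN/../lib::/opt/demo/lib]
"""

# Constructed sample: absolute RUNPATH only, nothing to report.
SAMPLE_CLEAN = """\
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000001d (RUNPATH)            Library runpath: [/usr/lib/demo]
"""

if __name__ == "__main__":
    for row in audit_readelf_output(SAMPLE_RISKY):
        print(row)
```

Run it over the `readelf -d` output of each setuid or setgid file on a host; any finding on such a file marks a binary to rebuild with absolute search paths or to run only on a patched glibc.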

Vulnerable Product

gnu glibc 2.22

gnu glibc 2.25

gnu glibc 2.19

gnu glibc 2.20

gnu glibc 2.21

gnu glibc 2.23

gnu glibc 2.26

redhat enterprise linux workstation 7.0

redhat enterprise linux desktop 7.0

redhat enterprise linux server 7.0

Vendor Advisories

Synopsis: Moderate: glibc security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ...
Debian Bug report logs - #884615 src:glibc: CVE-2017-16997: incorrect RPATH/RUNPATH handling for SUID binaries. Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@lists.debian.org>; Reported by: Aurelien Jarno <aurel32@debian.org>; Date: Sun, 17 Dec 2017 17:36:02 UTC; Severity: important ...
Several security issues were fixed in the GNU C library ...
A buffer overflow has been discovered in the GNU C Library (aka glibc or libc6) in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code (CVE-2018-11237). elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.2 ...
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associat ...

Github Repositories

Set url, name, group attributes in inspec.yml to improve; add error handling; health-check takes 10-20 seconds before available; improve types of data. Custom InSpec resource to validate running hart dependencies. This custom resource uses the Habitat Supervisor API to test package dependencies. It uses Ruby's HTTPClient so you don't need to use InSpec Target mode for remot

A proof-of-concept for CVE-2017-16997

Usage: Run ./CVE-2017-16997.sh. If run as non-root user, make sure you can elevate to root via sudo. Details: nvd.nist.gov/vuln/detail/CVE-2017-16997