TTCSIRT-087.020818: TT-CSIRT Advisory – Linux Security Updates
A vulnerability has been discovered in the GNU C Library of all Linux Distributions which could allow for arbitrary code execution. It is caused due to internal memalign() and malloc() functions in glibc failing to properly report allocation errors. This vulnerability can be exploited when the system processes maliciously crafted data.
Successful exploitation could result in an attacker gaining the same privileges as the exploited application. Thus, depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of this vulnerability could have less impact than if it was configured with administrative rights. Failed exploit attempts could lead to a denial of service condition for the affected application.
Further information on this vulnerability and how it can be mitigated can be found at https://www.cisecurity.org/advisory/a-vulnerability-in-gnu-c-library-could-allow-for-arbitrary-code-execution_2018-017/ |