
Bug 644278 (CVE-2018-1000001)

Summary: <sys-libs/glibc-{2.25-r11,2.26-r6}: Libc Realpath Buffer Underflow
Product: Gentoo Security
Reporter: Ian Zimmerman <nobrowser>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: normal
CC: holger, hydrapolic, toolchain
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also:
Whiteboard: A3 [glsa+ cve]
Package list:
Runtime testing required: ---
Bug Depends on: 646492    
Bug Blocks:    

Description Ian Zimmerman 2018-01-12 02:58:56 UTC
According to the very thorough report in oss-security [1]:

++ The vulnerability described here is caused by Linux kernel
behaviour change in the syscall API (returning relative pathnames
in getcwd()) and non-defensive function implementation in libc
(failing to process that pathname correctly). Other libraries
are very likely to be affected as well. On affected systems this
vulnerability can be used to gain root privileges via SUID binaries.

The return value specification change in getcwd() was introduced
in Linux kernel Linux 2.6.36. It has already caused troubles,
even in realpath(), but at different location
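
Added example (not part of the bug report and not glibc's code): a lexical path joiner that applies the defensive handling the report says was missing. It rejects a getcwd() result that does not start with '/' (getcwd(3) documents an "(unreachable)" prefix for such cases) and never scans backwards past the start of its buffer when collapsing "..". The function name `collapse_path` and the sample paths used to exercise it are constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Lexically join `rel` onto `base` (the string a getcwd() call returned),
 * collapsing "." and "..". No symlink resolution: this is not realpath().
 * Returns 0 on success, -1 with errno set on failure. */
int collapse_path(const char *base, const char *rel, char *out, size_t outsz)
{
    /* Defensive check: refuse a working directory that is not absolute,
     * e.g. a constructed value such as "(unreachable)/tmp". */
    if (base == NULL || base[0] != '/') { errno = ENOENT; return -1; }

    size_t len = strlen(base);
    if (len + 1 > outsz) { errno = ENAMETOOLONG; return -1; }
    memcpy(out, base, len + 1);
    /* Drop trailing slashes but always keep the root "/". */
    while (len > 1 && out[len - 1] == '/') out[--len] = '\0';

    const char *p = rel;
    while (*p) {
        while (*p == '/') p++;                  /* skip separators */
        const char *end = p;
        while (*end && *end != '/') end++;      /* find component end */
        size_t n = (size_t)(end - p);
        if (n == 0) break;
        if (n == 1 && p[0] == '.') {
            /* "." leaves the result unchanged */
        } else if (n == 2 && p[0] == '.' && p[1] == '.') {
            /* Scan back to the previous '/', bounded by len > 1 so the
             * index can never move before out[0]. */
            while (len > 1 && out[len - 1] != '/') len--;
            while (len > 1 && out[len - 1] == '/') len--;
            out[len] = '\0';
        } else {
            size_t need = len + (len > 1 ? 1 : 0) + n + 1;
            if (need > outsz) { errno = ENAMETOOLONG; return -1; }
            if (len > 1) out[len++] = '/';
            memcpy(out + len, p, n);
            len += n;
            out[len] = '\0';
        }
        p = end;
    }
    return 0;
}
```
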

Comment 2 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-02-03 15:02:17 UTC
Thank you Ian and Oleg for the information.
Comment 3 Andreas K. Hüttel archtester gentoo-dev 2018-02-08 21:53:56 UTC
Fix added to the gentoo/2.26 branch (will be in patchlevel 6).
Fixed upstream in 2.27.
Comment 4 Larry the Git Cow gentoo-dev 2018-02-08 23:49:52 UTC
The bug has been referenced in the following commit(s):

commit fa2244fedca8e63902ba8d879dbf0f4d9548d754
Author:     Andreas K. Hüttel <>
AuthorDate: 2018-02-08 23:49:17 +0000
Commit:     Andreas K. Hüttel <>
CommitDate: 2018-02-08 23:49:40 +0000

    sys-libs/glibc: Revbump 2.26-r6 with next patchset (patchlevel 6)
    10 test failures need investigating:
    FAIL: elf/tst-prelink-cmp
    XPASS: elf/tst-protected1a
    XPASS: elf/tst-protected1b
    FAIL: malloc/tst-malloc-tcache-leak
    FAIL: math/test-float128-finite-tgamma
    FAIL: math/test-float128-finite-trunc
    FAIL: math/test-float128-tgamma
    FAIL: math/test-float128-trunc
    FAIL: math/test-ifloat128-tgamma
    FAIL: math/test-ifloat128-trunc
    FAIL: misc/tst-ttyname
    UNSUPPORTED: nptl/test-cond-printers
    UNSUPPORTED: nptl/test-condattr-printers
    UNSUPPORTED: nptl/test-mutex-printers
    UNSUPPORTED: nptl/test-mutexattr-printers
    UNSUPPORTED: nptl/test-rwlock-printers
    UNSUPPORTED: nptl/test-rwlockattr-printers
    FAIL: nss/tst-nss-files-hosts-multi
    Summary of test results:
         10 FAIL
       4113 PASS
          6 UNSUPPORTED
         29 XFAIL
          2 XPASS
    Package-Manager: Portage-2.3.21, Repoman-2.3.6

 sys-libs/glibc/Manifest             |   1 +
 sys-libs/glibc/glibc-2.26-r6.ebuild | 836 ++++++++++++++++++++++++++++++++++++
 2 files changed, 837 insertions(+)
Comment 5 Andreas K. Hüttel archtester gentoo-dev 2018-02-09 22:28:29 UTC
Fix added to the gentoo/2.25 branch (will be in patchlevel 14).
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2018-04-04 01:55:42 UTC
This issue was resolved and addressed in
 GLSA 201804-02 at
by GLSA coordinator Aaron Bauman (b-man).