Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 644278 (CVE-2018-1000001) - <sys-libs/glibc-{2.25-r11,2.26-r6}: Libc Realpath Buffer Underflow
Summary: <sys-libs/glibc-{2.25-r11,2.26-r6}: Libc Realpath Buffer Underflow
Status: RESOLVED FIXED
Alias: CVE-2018-1000001
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa+ cve]
Keywords:
Depends on: CVE-2018-6551
Blocks:
  Show dependency tree
 
Reported: 2018-01-12 02:58 UTC by Ian Zimmerman
Modified: 2018-04-04 01:55 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ian Zimmerman 2018-01-12 02:58:56 UTC
According to the very thorough report in oss-security [1]:

++ The vulnerability described here is caused by Linux kernel
behaviour change in the syscall API (returning relative pathnames
in getcwd()) and non-defensive function implementation in libc
(failing to process that pathname correctly). Other libraries
are very likely to be affected as well. On affected systems this
vulnerability can be used to gain root privileges via SUID binaries.

The return value specification change in getcwd() was introduced
in Linux kernel Linux 2.6.36. It has already caused troubles,
even in realpath(), but at different location

[1]

http://openwall.com/lists/oss-security/2018/01/11/5
Comment 2 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-02-03 15:02:17 UTC
Thank you Ian and Oleg for the information.
Comment 3 Andreas K. Hüttel gentoo-dev 2018-02-08 21:53:56 UTC
Fix added to the gentoo/2.26 branch (will be in patchlevel 6).
Fixed upstream in 2.27.
Comment 4 Larry the Git Cow gentoo-dev 2018-02-08 23:49:52 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa2244fedca8e63902ba8d879dbf0f4d9548d754

commit fa2244fedca8e63902ba8d879dbf0f4d9548d754
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2018-02-08 23:49:17 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2018-02-08 23:49:40 +0000

    sys-libs/glibc: Revbump 2.26-r6 with next patchset (patchlevel 6)
    
    10 test failures need investigating:
    ===
    FAIL: elf/tst-prelink-cmp
    XPASS: elf/tst-protected1a
    XPASS: elf/tst-protected1b
    FAIL: malloc/tst-malloc-tcache-leak
    FAIL: math/test-float128-finite-tgamma
    FAIL: math/test-float128-finite-trunc
    FAIL: math/test-float128-tgamma
    FAIL: math/test-float128-trunc
    FAIL: math/test-ifloat128-tgamma
    FAIL: math/test-ifloat128-trunc
    FAIL: misc/tst-ttyname
    UNSUPPORTED: nptl/test-cond-printers
    UNSUPPORTED: nptl/test-condattr-printers
    UNSUPPORTED: nptl/test-mutex-printers
    UNSUPPORTED: nptl/test-mutexattr-printers
    UNSUPPORTED: nptl/test-rwlock-printers
    UNSUPPORTED: nptl/test-rwlockattr-printers
    FAIL: nss/tst-nss-files-hosts-multi
    Summary of test results:
         10 FAIL
       4113 PASS
          6 UNSUPPORTED
         29 XFAIL
          2 XPASS
    ===
    
    Bug: https://bugs.gentoo.org/646492
    Bug: https://bugs.gentoo.org/646490
    Bug: https://bugs.gentoo.org/641644
    Bug: https://bugs.gentoo.org/644278
    Package-Manager: Portage-2.3.21, Repoman-2.3.6

 sys-libs/glibc/Manifest             |   1 +
 sys-libs/glibc/glibc-2.26-r6.ebuild | 836 ++++++++++++++++++++++++++++++++++++
 2 files changed, 837 insertions(+)}
Comment 5 Andreas K. Hüttel gentoo-dev 2018-02-09 22:28:29 UTC
Fix added to the gentoo/2.25 branch (will be in patchlevel 14).
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2018-04-04 01:55:42 UTC
This issue was resolved and addressed in
 GLSA 201804-02 at https://security.gentoo.org/glsa/201804-02
by GLSA coordinator Aaron Bauman (b-man).