CVE-2017-16997
published 2017-12-18CVE-2017-16997: elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or…
high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glibc | < glibc 2.25-6 (bookworm) | glibc 2.25-6 (bookworm) |
| eglibc | eglibc | >= 0 < 2.19-0ubuntu6.14 | 2.19-0ubuntu6.14 |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | — | — |
| gnu | glibc | >= 0 < 2.25-6 | 2.25-6 |
| gnu | glibc | >= 0 < 2.25-6 | 2.25-6 |
| gnu | glibc | >= 0 < 2.25-6 | 2.25-6 |
| gnu | glibc | >= 0 < 2.25-6 | 2.25-6 |
| gnu | glibc | >= 0 < 2.23-0ubuntu10 | 2.23-0ubuntu10 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH