CVE-2017-16997Untrusted Search Path in Glibc

CWE-426Untrusted Search PathCWE-470Unsafe Reflection9 documents8 sources
Severity
7.8HIGHNVD
EPSS
0.9%
top 24.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
GNU GlibcRedhat Enterprise Linux DesktopRedhat Enterprise Linux Server+1 more
Timeline
PublishedDec 18
Latest updateMay 13

Description

elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is a

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

Debiangnu/glibc< 2.25-6+3
NVDgnu/glibc7 versions+6

Patches

Patch: bugs.debian.orgPatch: sourceware.orgPatch: sourceware.org

🔴Vulnerability Details

3
GHSA
GHSA-q5m3-4jcg-c4rf: elf/dl-load2022-05-13
OSV
CVE-2017-16997: elf/dl-load2017-12-18
CVEList
CVE-2017-16997: elf/dl-load2017-12-18

📋Vendor Advisories

3
Ubuntu
GNU C Library vulnerabilities2018-01-17
Red Hat
glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries2017-12-17
Debian
CVE-2017-16997: glibc - elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishan...2017

💬Community

2
Bugzilla
CVE-2017-16997 glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries2017-12-18
Bugzilla
CVE-2017-16997 glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries [fedora-all]2017-12-18
CVE-2017-16997 — Untrusted Search Path in GNU Glibc | cvebase