CVE-2018-1000001
CVE-2018-1000001
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
Productos afectados
n/a · n/aPoCs públicas encontradas — 6
githubgithub.com/0x00-0x00/CVE-2018-1000001★ 31githubgithub.com/usernameid0/tools-for-CVE-2018-1000001★ 0cve_referencewww.exploit-db.com/exploits/43775/no verificadocve_referencewww.exploit-db.com/exploits/44889/no verificadoexploitdbwww.exploit-db.com/exploits/44889no verificadoexploitdbwww.exploit-db.com/exploits/43775no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://access.redhat.com/errata/RHSA-2018:0805http://seclists.org/oss-sec/2018/q1/38https://security.netapp.com/advisory/ntap-20190404-0003/https://usn.ubuntu.com/3534-1/https://usn.ubuntu.com/3536-1/https://www.exploit-db.com/exploits/43775/https://www.exploit-db.com/exploits/44889/https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/http://www.securityfocus.com/bid/102525http://www.securitytracker.com/id/1040162