CVE-2018-1000001
CVE-2018-1000001
In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.
Produtos afetados
n/a · n/aPoCs públicas encontradas — 6
githubgithub.com/0x00-0x00/CVE-2018-1000001★ 31githubgithub.com/usernameid0/tools-for-CVE-2018-1000001★ 0cve_referencewww.exploit-db.com/exploits/43775/não verificadocve_referencewww.exploit-db.com/exploits/44889/não verificadoexploitdbwww.exploit-db.com/exploits/44889não verificadoexploitdbwww.exploit-db.com/exploits/43775não verificado⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://access.redhat.com/errata/RHSA-2018:0805http://seclists.org/oss-sec/2018/q1/38https://security.netapp.com/advisory/ntap-20190404-0003/https://usn.ubuntu.com/3534-1/https://usn.ubuntu.com/3536-1/https://www.exploit-db.com/exploits/43775/https://www.exploit-db.com/exploits/44889/https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/http://www.securityfocus.com/bid/102525http://www.securitytracker.com/id/1040162