CVE-2017-16997

Impact:
Moderate
Public Date:
2017-12-17
CWE:
CWE-470
Bugzilla:
1526865: CVE-2017-16997 glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries

The MITRE CVE dictionary describes this issue as:

elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.

Find out more about CVE-2017-16997 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 7.8
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity Impact High
Availability Impact High

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 7 (glibc) RHSA-2018:3092 2018-10-30

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 compat-glibc Will not fix
Red Hat Enterprise Linux 6 compat-glibc Will not fix
Red Hat Enterprise Linux 6 glibc Will not fix
Red Hat Enterprise Linux 5 compat-glibc Will not fix
Red Hat Enterprise Linux 5 glibc Will not fix

Last Modified

CVE description copyright © 2017, The MITRE Corporation