Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM441E5A75C157FB63BEB435EE7C8DC42622360C6AF4CD1F02C86A4C02D289DBED
HistoryJan 25, 2019 - 12:20 p.m.

Security Bulletin: Public disclosed GNU glibc vulnerabilities used by IBM OS Images for RedHat Linux in IBM PureApplication Systems (CVE-2017-16997 CVE-2018-1000001)

2019-01-2512:20:01
www.ibm.com
9

0.005 Low

EPSS

Percentile

77.0%

JSON

Summary

There are public disclosed vulnerabilities from GNU glibc that are used by the OS Images for IBM PureApplication System.
To address the vulnerabilities in response to CVE-2017-16997 and CVE-2018-1000001, IBM has released Version 2.2.5.3 for IBM PureApplication System, which includes IBM OS images for Red Hat Linux Systems based deployments.

Vulnerability Details

CVEID: CVE-2017-16997 DESCRIPTION: GNU C Library could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the elf/dl-load.c. By using a Trojan horse library, an attacker could exploit this vulnerability to gain elevated privileges on the system.
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136491&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-1000001 DESCRIPTION: Glibc could allow a local attacker to execute arbitrary code on the system, caused by a buffer underflow in the __realpath() function in stdlib/canonicalize.c. An attacker could exploit this vulnerability to execute arbitrary code on the system and obtain privileges.
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137516&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

For IBM PureApplication:

IBM OS Image for Red Hat Linux Systems 3.0.8.0
IBM OS Image for Red Hat Linux Systems 3.0.9.0

For IBM PureApplication:

IBM PureApplication System V2.2.3.0
IBM PureApplication System V2.2.3.1
IBM PureApplication System V2.2.3.2
IBM PureApplication System V2.2.4.0
IBM PureApplication System V2.2.5.0
IBM PureApplication System V2.2.5.1
IBM PureApplication System V2.2.5.2

Remediation/Fixes

Note: Upgrade to at least IBM PureApplication System V2.2.5.0.

Visit IBM Fix Central to download the fixes for Linux.

Alternatively, for CVE-2018-1000001, the solution is to upgrade the IBM PureApplication System to the following fix level:

IBM PureApplication V2.2.5.3.

IBM recommends upgrading to a fixed, supported version of the product. Contact IBM for assistance.

Information on upgrading can be found here: <http://www-01.ibm.com/support/docview.wss?uid=swg27039159&gt;

Workarounds and Mitigations

None

Related

mageia 2
openvas 28
nessus 46
fedora 6
redhatcve 2
ibm 9
ubuntucve 2
osv 3
cvelist 2
prion 2
debiancve 2
cve 2
suse 8
altlinux 1
photon 8
packetstorm 2
nvd 2
f5 2
metasploit 1
archlinux 2
veracode 2
seebug 1
ubuntu 3
attackerkb 1
exploitdb 1
cloudfoundry 1
gentoo 1
amazon 2
oraclelinux 4
centos 2
redhat 2
hackerone 1
mageia
mageia
Updated glibc packages fix security vulnerabilities
2018-01-25 15:47:25
Updated glibc packages fix security vulnerabilities
2018-01-25 15:47:25
openvas
openvas
Mageia: Security Advisory (MGASA-2018-0096)
2022-01-28 00:00:00
Fedora Update for glibc FEDORA-2018-7714b514e2
2018-01-24 00:00:00
Mageia: Security Advisory (MGASA-2018-0098)
2022-01-28 00:00:00
nessus
nessus
Fedora 27 : glibc (2018-7714b514e2)
2018-01-24 00:00:00
Fedora 26 : glibc (2018-8e27ad96ed)
2018-01-24 00:00:00
Photon OS 1.0: Glibc PHSA-2018-1.0-0098-(a)
2019-02-07 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: glibc-2.26-24.fc27
2018-01-23 21:52:52
[SECURITY] Fedora 26 Update: glibc-2.25-13.fc26
2018-01-23 21:22:41
[SECURITY] Fedora 27 Update: glibc-arm-linux-gnu-2.26-4.fc27
2018-03-22 17:00:12
redhatcve
redhatcve
CVE-2017-16997
2017-12-18 05:20:42
CVE-2018-1000001
2020-04-05 16:57:22
ibm
ibm
Security Bulletin: IBM Security Proventia Network Active Bypass is affected by glibc vulnerabilities (CVE-2018-1000001, CVE-2017-16997, CVE-2017-1000408, CVE-2017-1000409, CVE-2017-17426)
2018-08-29 03:18:43
Security Bulletin: Vulnerabiliies in glibc affect PowerKVM
2019-03-04 05:55:02
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by vulnerabilities in GNU C Library
2018-07-30 22:39:19
ubuntucve
ubuntucve
CVE-2017-16997
2017-12-17 00:00:00
CVE-2018-1000001
2018-01-11 00:00:00
osv
osv
CVE-2017-16997
2017-12-18 01:29:00
CVE-2018-1000001
2018-01-31 14:29:00
musl vulnerabilities
2021-03-15 20:10:13
cvelist
cvelist
CVE-2017-16997
2017-12-18 01:00:00
CVE-2018-1000001
2018-01-31 14:00:00
prion
prion
Design/Logic Flaw
2017-12-18 01:29:00
Type confusion
2018-01-31 14:29:00
debiancve
debiancve
CVE-2017-16997
2017-12-18 01:29:00
CVE-2018-1000001
2018-01-31 14:29:00
cve
cve
CVE-2017-16997
2017-12-18 01:29:00
CVE-2018-1000001
2018-01-31 14:29:00
suse
suse
Security update for glibc (important)
2018-01-12 15:07:53
Security update for glibc (important)
2018-01-12 15:12:00
Security update for glibc (important)
2018-01-12 15:10:02
altlinux
altlinux
Security fix for the ALT Linux 9 package glibc version 6:2.26.0.131.fabef2e-alt1
2018-01-12 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0018
2018-02-26 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0098-A
2018-01-11 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0011-A
2018-01-11 00:00:00
packetstorm
packetstorm
glibc 'realpath()' Privilege Escalation
2018-06-12 00:00:00
glibc getcwd() Local Privilege Escalation
2018-01-18 00:00:00
nvd
nvd
CVE-2018-1000001
2018-01-31 14:29:00
CVE-2017-16997
2017-12-18 01:29:00
f5
f5
K12896623 : glibc vulnerability CVE-2018-1000001
2018-03-09 00:00:00
K43546166 : glibc vulnerability CVE-2017-16997
2018-12-11 00:00:00
metasploit
metasploit
glibc 'realpath()' Privilege Escalation
2018-05-26 21:25:59
archlinux
archlinux
[ASA-201801-18] glibc: privilege escalation
2018-01-28 00:00:00
[ASA-201801-19] lib32-glibc: privilege escalation
2018-01-28 00:00:00
veracode
veracode
Privilege Escalation
2019-01-15 09:25:27
Arbitrary Code Execution
2019-05-16 02:50:43
seebug
seebug
Libc RealpathηΌ“ε†²εŒΊδΈ‹ζΊ’ζΌζ΄ž(CVE-2018-1000001)
2018-01-26 00:00:00
ubuntu
ubuntu
GNU C Library vulnerability
2018-01-17 00:00:00
GNU C Library vulnerabilities
2018-01-17 00:00:00
musl vulnerabilities
2021-03-15 00:00:00
attackerkb
attackerkb
CVE-2018-1000001
2018-01-31 00:00:00
exploitdb
exploitdb
glibc - &#039;realpath()&#039; Privilege Escalation (Metasploit)
2018-06-13 00:00:00
cloudfoundry
cloudfoundry
USN-3534-1: GNU C Library vulnerabilities | Cloud Foundry
2018-02-01 00:00:00
gentoo
gentoo
glibc: Multiple vulnerabilities
2018-04-04 00:00:00
amazon
amazon
Medium: glibc
2018-12-06 00:24:00
Important: glibc
2018-05-10 17:45:00
oraclelinux
oraclelinux
glibc security, bug fix, and enhancement update
2018-11-05 00:00:00
glibc security update
2018-11-06 00:00:00
glibc security update
2018-04-18 00:00:00
centos
centos
glibc, nscd security update
2018-11-15 18:45:43
glibc, nscd security update
2018-04-26 17:41:43
redhat
redhat
(RHSA-2018:3092) Moderate: glibc security, bug fix, and enhancement update
2018-10-30 04:18:01
(RHSA-2018:0805) Moderate: glibc security, bug fix, and enhancement update
2018-04-10 05:01:26
hackerone
hackerone
GitLab: Container scanning and Dependency scanning report leaked to unauthorized users
2019-08-19 22:30:30

0.005 Low

EPSS

Percentile

77.0%

JSON
Related for 441E5A75C157FB63BEB435EE7C8DC42622360C6AF4CD1F02C86A4C02D289DBED
mageia2openvas28nessus46fedora6redhatcve2ibm9ubuntucve2osv3cvelist2prion2debiancve2cve2suse8altlinux1photon8packetstorm2nvd2f52metasploit1archlinux2veracode2seebug1ubuntu3attackerkb1exploitdb1cloudfoundry1gentoo1amazon2oraclelinux4centos2redhat2hackerone1