A Vulnerability in GNU C Library Could Allow for Remote Code Execution

MS-ISAC ADVISORY NUMBER:

2020-105

DATE(S) ISSUED:

08/04/2020

OVERVIEW:

A vulnerability has been discovered in the GNU C Library (glibc), which could allow for remote code execution. This library is required in all modern distributions of Linux as it defines the system calls and other basic facilities used in the Linux kernel. Successful exploitation of this vulnerability could allow an attacker to execute remote code in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition.

THREAT INTELLIGENCE:

There are currently no reports of this vulnerability being exploited in the wild.

SYSTEMS AFFECTED:

  • GNU C Library versions 2.32 and prior

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users:
  • HIGH

TECHNICAL SUMMARY:

A vulnerability has been discovered in the GNU C Library (glibc), which could allow for remote code execution. Specifically, this is a stack-based buffer overflow caused by the ieee754_rem_pio2l() function's failure to validate pseudo-zero values. This vulnerability can be exploited when the system processes maliciously crafted data.

Successful exploitation of this vulnerability could allow an attacker to execute remote code in the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition.
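An added example, not part of the advisory or of glibc: a C check that classifies raw x87 80-bit extended-precision encodings and rejects non-canonical ones, including the pseudo-zero values named above, for code that deserializes long double values from untrusted input. It assumes the little-endian 10-byte x86 layout; the names ld80_classify and ld80_accept are hypothetical, and the sample encodings are constructed.

```c
#include <stdint.h>
#include <stdio.h>

enum ld80_class {
    LD80_CANONICAL,        /* zero, denormal, normal, infinity or NaN */
    LD80_PSEUDO_ZERO,      /* exponent != 0, significand == 0 */
    LD80_UNNORMAL,         /* exponent != 0, integer bit clear, fraction != 0 */
    LD80_PSEUDO_DENORMAL,  /* exponent == 0, integer bit set */
    LD80_PSEUDO_NAN_INF    /* exponent all ones, integer bit clear */
};

/* se: sign bit + 15-bit biased exponent; sig: 64-bit significand whose
 * bit 63 is the explicit integer bit of the x87 extended format. */
enum ld80_class ld80_classify(uint16_t se, uint64_t sig)
{
    uint16_t exp = se & 0x7fff;
    int integer_bit = (int)(sig >> 63);

    if (exp == 0)
        return integer_bit ? LD80_PSEUDO_DENORMAL : LD80_CANONICAL;
    if (integer_bit)
        return LD80_CANONICAL;          /* normal, infinity or NaN */
    if (exp == 0x7fff)
        return LD80_PSEUDO_NAN_INF;
    return sig == 0 ? LD80_PSEUDO_ZERO : LD80_UNNORMAL;
}

/* Returns 1 only if a 10-byte little-endian encoding read from an
 * untrusted source is canonical; callers drop the value otherwise. */
int ld80_accept(const unsigned char raw[10])
{
    uint64_t sig = 0;
    for (int i = 7; i >= 0; i--)        /* bytes 0..7: significand */
        sig = (sig << 8) | raw[i];
    uint16_t se = (uint16_t)(raw[8] | (raw[9] << 8));  /* bytes 8..9 */
    return ld80_classify(se, sig) == LD80_CANONICAL;
}

int main(void)
{
    /* Constructed sample encodings, not taken from the advisory. */
    static const unsigned char one[10]   = {0,0,0,0,0,0,0,0x80,0xff,0x3f};
    static const unsigned char pzero[10] = {0,0,0,0,0,0,0,0,0xff,0x3f};
    printf("1.0 accepted: %d\n", ld80_accept(one));
    printf("pseudo-zero accepted: %d\n", ld80_accept(pzero));
    return 0;
}
```

Input filtering of this kind only narrows exposure in code that parses raw floating-point bytes; it does not replace the patched library.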

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate patches provided by the affected *nix distribution to the vulnerable systems after appropriate testing.
  • Verify no unauthorized system modifications have occurred on the system before applying the patch.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Apply the Principle of Least Privilege to all systems and services.
