Oval Definition:oval:com.ubuntu.trusty:def:20181000001000
Revision Date:2018-01-31Version:1
Title:CVE-2018-1000001 on Ubuntu 14.04 LTS (trusty) - high.
Description:In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. libc does not account for all the possible return values from the kernel getcwd(2) syscall; arbitrary code execution may result from applications making further assumptions on the return value from the getcwd(3) libary function.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2018-1000001
Platform(s):Ubuntu 14.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 14.04 LTS (trusty) is installed.
  • AND Package Information
  • The vulnerability of the 'dietlibc' package in trusty is not known (status: 'needs-triage'). It is pending evaluation.
  • OR The 'eglibc' package in trusty was vulnerable but has been fixed (note: '2.19-0ubuntu6.14').
  • OR The 'musl' package in trusty is affected and needs fixing.
  • BACK