Open rvd-bot opened 4 years ago
{
  "id": 1455,
  "title": "RVD#1455: A buffer overflow in glibc 2.5 which can be triggered through the LD_LIBRARY_PATH environment variable",
  "type": "vulnerability",
  "description": "A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.",
  "cwe": "CWE-119",
  "cve": "CVE-2017-1000409",
  "keywords": [
    "LD_LIBRARY_PATH",
    "glibc",
    "Universal Robots"
  ],
  "system": "URx",
  "vendor": "Universal Robots",
  "severity": {
    "rvss-score": 9.6,
    "rvss-vector": "RVSS:1.0/AV:AN/AC:L/PR:N/UI:N/Y:T/S:U/C:H/I:H/A:H/H:U",
    "severity-description": "critical",
    "cvss-score": 9.8,
    "cvss-vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
  },
  "links": [
    "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000409",
    "https://www.exploit-db.com/exploits/43331",
    "https://seclists.org/oss-sec/2017/q4/385",
    "https://github.com/aliasrobotics/RVD/issues/1455"
  ],
  "flaw": {
    "phase": "explotation",
    "specificity": "general issue",
    "architectural-location": "platform code",
    "application": "industrial robot manipulator",
    "subsystem": "manipulation:actuation",
    "package": "libc6 2.19-11 i386",
    "languages": "C",
    "date-detected": null,
    "detected-by": "Victor Mayoral Vilches and Lander Usategui San Juan (Alias Robotics)",
    "detected-by-method": "testing",
    "date-reported": "2020-04-02",
    "reported-by": "V\u00edctor Mayoral Vilches",
    "reported-by-relationship": "security researcher",
    "issue": "https://github.com/aliasrobotics/RVD/issues/1455",
    "reproducibility": "always",
    "trace": "N/A",
    "reproduction": "Not available",
    "reproduction-image": "Not available"
  },
  "exploitation": {
    "description": "Buffer overflow in glibc's ld.so. Researchers discovered a memory leak and a buffer overflow in the dynamic loader (ld.so) of the GNU C Library (glibc). See https://www.exploit-db.com/exploits/43331 for a PoC available.",
    "exploitation-image": "Not available",
    "exploitation-vector": "Not available"
  },
  "mitigation": {
    "description": "sudo apt-get --assume-yes install --only-upgrade libc6",
    "pull-request": "Not available",
    "date-mitigation": null
  }
}
I'm keeping the triage label in here because I didn't have time yet to review if this is applicable in SW 1.12.1 and other previous versions of the CB3.1 control box.