Vulnerability CVE-2020-1752: Information
Description
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.
Severity: HIGH (7.0) Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
glibc | sisyphus | 2.30-alt2 | 2.38.0.76.e9f05fa1c6-alt1 | ALT-PU-2020-2070-1 | 252278 | Fixed |
glibc | sisyphus_e2k | 2.35.0.234.3f63f9dfe1-alt1.E2K.27.020.2 | 2.35.0.234.3f63f9dfe1-alt1.E2K.27.020.4 | ALT-PU-2024-1492-1 | - | Fixed |
glibc | sisyphus_riscv64 | 2.34.0.39.024a7-alt1.rv64 | 2.38.0.66.ge1135387de-alt1 | ALT-PU-2021-4728-1 | - | Fixed |
glibc | p10 | 2.30-alt2 | 2.32-alt5.p10.3 | ALT-PU-2020-2070-1 | 252278 | Fixed |
glibc | p9 | 2.27-alt13 | 2.27-alt14 | ALT-PU-2020-3401-1 | 261868 | Fixed |
glibc | c10f1 | 2.30-alt2 | 2.32-alt5.p10.3 | ALT-PU-2020-2070-1 | 252278 | Fixed |
glibc | c9f2 | 2.27-alt13 | 2.27-alt14 | ALT-PU-2020-3327-1 | 261895 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1752 | |
https://sourceware.org/bugzilla/show_bug.cgi?id=25414 | |
https://security.netapp.com/advisory/ntap-20200511-0005/ | |
USN-4416-1 | |
GLSA-202101-20 | |
[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update | |
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ddc650e9b3dc916eab417ce9f79e67337b05035c | |
[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 | |
[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 | |