ID CVE-2018-6485
Summary An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.
References
Vulnerable Configurations
  • GNU glibc 2.26
    cpe:2.3:a:gnu:glibc:2.26
  • Red Hat Virtualization Host 4.0
    cpe:2.3:a:redhat:virtualization_host:4.0
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
  • Oracle Communications Session Border Controller 8.0.0
    cpe:2.3:a:oracle:communications_session_border_controller:8.0.0
  • Oracle Communications Session Border Controller 8.1.0
    cpe:2.3:a:oracle:communications_session_border_controller:8.1.0
  • Oracle Communications Session Border Controller 8.2.0
    cpe:2.3:a:oracle:communications_session_border_controller:8.2.0
  • cpe:2.3:a:oracle:enterprise_communications_broker:3.0.0
    cpe:2.3:a:oracle:enterprise_communications_broker:3.0.0
  • cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0
    cpe:2.3:a:oracle:enterprise_communications_broker:3.1.0
  • cpe:2.3:a:netapp:cloud_backup
    cpe:2.3:a:netapp:cloud_backup
  • cpe:2.3:a:netapp:data_ontap_edge
    cpe:2.3:a:netapp:data_ontap_edge
  • cpe:2.3:a:netapp:element_software
    cpe:2.3:a:netapp:element_software
  • cpe:2.3:a:netapp:element_software_management
    cpe:2.3:a:netapp:element_software_management
  • cpe:2.3:a:netapp:steelstore_cloud_integrated_storage
    cpe:2.3:a:netapp:steelstore_cloud_integrated_storage
  • cpe:2.3:a:netapp:vasa_provider:6.x:-:-:-:-:clustered_data_ontap
    cpe:2.3:a:netapp:vasa_provider:6.x:-:-:-:-:clustered_data_ontap
  • cpe:2.3:a:netapp:virtual_storage_console
    cpe:2.3:a:netapp:virtual_storage_console
CVSS
Base: 7.5
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset, such as the size of a memory allocation or similar. The attacker would typically control the value of such a variable and try to get it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, providing an incorrect value that can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
nessus via4
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0111.NASL
    description An update of 'glibc' packages of Photon OS has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 111921
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111921
    title Photon OS 1.0: Glibc PHSA-2018-1.0-0111 (deprecated)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0020.NASL
    description An update of 'glibc' packages of Photon OS has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 111289
    published 2018-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111289
    title Photon OS 2.0 : glibc (PhotonOS-PHSA-2018-2.0-0020) (deprecated)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0451-1.NASL
    description This update for glibc fixes the following issues: Security issues fixed : - CVE-2017-8804: Fix memory leak after deserialization failure in xdr_bytes, xdr_string (bsc#1037930) - CVE-2017-12132: Reduce EDNS payload size to 1200 bytes (bsc#1051791) - CVE-2018-6485,CVE-2018-6551: Fix integer overflows in internal memalign and malloc functions (bsc#1079036) - CVE-2018-1000001: Avoid underflow of malloced area (bsc#1074293) Non security bugs fixed : - Release read lock after resetting timeout (bsc#1073990) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106865
    published 2018-02-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106865
    title SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2018:0451-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201804-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-201804-02 (glibc: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly execute arbitrary code, escalate privileges, cause a Denial of Service condition, or have other unspecified impacts. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-06-13
    plugin id 108822
    published 2018-04-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108822
    title GLSA-201804-02 : glibc: Multiple vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-3092.NASL
    description An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es) : * glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries (CVE-2017-16997) * glibc: Integer overflow in posix_memalign in memalign functions (CVE-2018-6485) * glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow (CVE-2018-11236) * glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper (CVE-2018-11237) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 118992
    published 2018-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118992
    title CentOS 7 : glibc (CESA-2018:3092)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0111_GLIBC.NASL
    description An update of the glibc package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121812
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121812
    title Photon OS 1.0: Glibc PHSA-2018-1.0-0111
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-1CBDC8CBB8.NASL
    description This update fixes two minor security vulnerabilities in `malloc` (CVE-2018-6485, CVE-2018-6551, RHBZ#1542102, RHBZ#1542119), and provides a C++ version of `iseqsig`. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-03-07
    plugin id 107158
    published 2018-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107158
    title Fedora 27 : glibc (2018-1cbdc8cbb8)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-184.NASL
    description This update for glibc fixes the following issues : Security issues fixed : - CVE-2017-8804: Fix memory leak after deserialization failure in xdr_bytes, xdr_string (bsc#1037930) - CVE-2017-12132: Reduce EDNS payload size to 1200 bytes (bsc#1051791) - CVE-2018-6485,CVE-2018-6551: Fix integer overflows in internal memalign and malloc functions (bsc#1079036) - CVE-2018-1000001: Avoid underflow of malloced area (bsc#1074293) Non security bugs fixed : - Release read lock after resetting timeout (bsc#1073990) This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen 2019-02-21
    modified 2018-06-13
    plugin id 106916
    published 2018-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106916
    title openSUSE Security Update : glibc (openSUSE-2018-184)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0565-1.NASL
    description This update for glibc fixes the following issues: Security issues : - CVE-2017-8804: Fix memory leak after deserialization failure in xdr_bytes, xdr_string (bsc#1037930) - CVE-2017-12132: Reduce EDNS payload size to 1200 bytes (bsc#1051791) - CVE-2018-6485,CVE-2018-6551: Fix integer overflows in internal memalign and malloc functions (bsc#1079036) - CVE-2018-1000001: Avoid underflow of malloced area in realpath (bsc#1074293) Also a non security issue was fixed : - Do not fail if one of the two responses to AF_UNSPEC fails (bsc#978209) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 107086
    published 2018-03-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107086
    title SUSE SLES11 Security Update : glibc (SUSE-SU-2018:0565-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-3092.NASL
    description An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es) : * glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries (CVE-2017-16997) * glibc: Integer overflow in posix_memalign in memalign functions (CVE-2018-6485) * glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow (CVE-2018-11236) * glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper (CVE-2018-11237) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 118527
    published 2018-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118527
    title RHEL 7 : glibc (RHSA-2018:3092)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0020_GLIBC.NASL
    description An update of the glibc package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121924
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121924
    title Photon OS 2.0: Glibc PHSA-2018-2.0-0020
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-1109.NASL
    description A buffer overflow has been discovered in the GNU C Library (aka glibc or libc6) in the __mempcpy_avx512_no_vzeroupper function when particular conditions are met. An attacker could use this vulnerability to cause a denial of service or potentially execute code. (CVE-2018-11237) elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretation of an empty RPATH/RUNPATH token as the './' directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution. (CVE-2017-16997) stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. (CVE-2018-11236) An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. (CVE-2018-6485)
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 119468
    published 2018-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119468
    title Amazon Linux AMI : glibc (ALAS-2018-1109)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2019-1025.NASL
    description According to the version of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.(CVE-2018-6485) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-14
    plugin id 122172
    published 2019-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122172
    title EulerOS 2.0 SP5 : glibc (EulerOS-SA-2019-1025)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20181030_GLIBC_ON_SL7_X.NASL
    description Security Fix(es) : - glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries (CVE-2017-16997) - glibc: Integer overflow in posix_memalign in memalign functions (CVE-2018-6485) - glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow (CVE-2018-11236) - glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper (CVE-2018-11237)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 119182
    published 2018-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119182
    title Scientific Linux Security Update : glibc on SL7.x x86_64
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2019-1024.NASL
    description According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.(CVE-2018-11236) - An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.(CVE-2018-6485) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-14
    plugin id 122171
    published 2019-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122171
    title EulerOS 2.0 SP3 : glibc (EulerOS-SA-2019-1024)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2019-1050.NASL
    description According to the version of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.(CVE-2018-6485) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-23
    modified 2019-02-22
    plugin id 122377
    published 2019-02-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122377
    title EulerOS 2.0 SP2 : glibc (EulerOS-SA-2019-1050)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-992.NASL
    description Integer overflow in malloc functions : The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption. (CVE-2018-6551) Integer overflow in posix_memalign in memalign functions : An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption. (CVE-2018-6485)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 109141
    published 2018-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109141
    title Amazon Linux 2 : glibc (ALAS-2018-992)
redhat via4
advisories
  • rhsa
    id RHBA-2019:0327
  • rhsa
    id RHSA-2018:3092
rpms
  • glibc-0:2.17-260.el7
  • glibc-common-0:2.17-260.el7
  • glibc-devel-0:2.17-260.el7
  • glibc-headers-0:2.17-260.el7
  • glibc-static-0:2.17-260.el7
  • glibc-utils-0:2.17-260.el7
  • nscd-0:2.17-260.el7
refmap via4
bid 102912
confirm
misc https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Last major update 01-02-2018 - 09:29
Published 01-02-2018 - 09:29
Last modified 26-04-2019 - 08:42