Impact
What kind of vulnerability is it? Who is impacted?
A potential buffer overflow issue was discovered in the libscap library. The issue was due to the insecure usage of the sprintf function with an unbounded string formatter. Although exploiting this kind of issue in a meaningful way is most likely rather difficult, using sprintf without a properly bounded use of the string formatter can represent a security problem.
Users using Falco versions before 0.18.0 are impacted.
Patches
Has the problem been patched? What versions should users upgrade to?
The problem has been addressed by commit 260f458 on Aug 2, 2019.
Users should upgrade to Falco 0.18.0 or later, or to a libscap containing this patch.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
No workaround is available; a version upgrade to Falco 0.18.0 or later is needed.
References
Are there any links users can visit to find out more?
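The affected code (before the patch) was:
```c
/* Excerpts from the affected source; the lines are not contiguous. */
char* p = getenv("SYSDIG_HOST_ROOT");
static char env_str[SCAP_MAX_PATH_SIZE + 1];

char filename[SCAP_MAX_PATH_SIZE];

/* No bound on %s: the number of bytes written depends on the host root string. */
sprintf(filename, "%s/dev/" PROBE_DEVICE_NAME "%d", scap_get_host_root(), all_scanned_devs);
```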
Locations of the affected lines:
libs/userspace/libscap/scap.c, lines 1788 to 1789 in 6dc5261
libs/userspace/libscap/scap.c, line 127 in 6dc5261
libs/userspace/libscap/scap.c, line 317 in 6dc5261
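The pattern described in this advisory, as an added example that is neither libscap code nor the patch from commit 260f458: it measures how many bytes the unbounded format would write and shows a bounded snprintf call that rejects truncation instead of overflowing. The values given to SCAP_MAX_PATH_SIZE and PROBE_DEVICE_NAME, the PROBE_FMT macro, and the functions probe_path_needed and build_probe_path are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Placeholder values for this example; the real definitions live in libscap. */
#define SCAP_MAX_PATH_SIZE 1024
#define PROBE_DEVICE_NAME "probe"
#define PROBE_FMT "%s/dev/" PROBE_DEVICE_NAME "%d"

/* Bytes, including the terminating NUL, that an unbounded sprintf with
 * PROBE_FMT would write. snprintf(NULL, 0, ...) only measures. */
size_t probe_path_needed(const char *host_root, int dev)
{
    int n = snprintf(NULL, 0, PROBE_FMT, host_root, dev);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded variant (hypothetical helper): 0 on success, -1 if the path does
 * not fit. On failure dst is emptied so no truncated path is used later. */
int build_probe_path(char *dst, size_t dstlen, const char *host_root, int dev)
{
    int n;

    if (dst == NULL || dstlen == 0 || host_root == NULL)
        return -1;
    n = snprintf(dst, dstlen, PROBE_FMT, host_root, dev);
    if (n < 0 || (size_t)n >= dstlen) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char filename[SCAP_MAX_PATH_SIZE];
    char long_root[2 * SCAP_MAX_PATH_SIZE]; /* constructed oversized host root */
    int rc;

    memset(long_root, 'A', sizeof(long_root) - 1);
    long_root[sizeof(long_root) - 1] = '\0';

    rc = build_probe_path(filename, sizeof(filename), "/host", 0);
    printf("short root: rc=%d path=%s\n", rc, filename);

    rc = build_probe_path(filename, sizeof(filename), long_root, 0);
    printf("long root:  rc=%d, sprintf would need %zu bytes for a %d-byte buffer\n",
           rc, probe_path_needed(long_root, 0), SCAP_MAX_PATH_SIZE);
    return 0;
}
```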
For more information
If you have any questions or comments about this advisory: