CVE-2015-8984 in C Library
Summary
by MITRE
The fnmatch function in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash) via a malformed pattern, which triggers an out-of-bounds read.
Analysis
by VulDB Data Team • 09/10/2020
The vulnerability identified as CVE-2015-8984 represents a critical flaw in the GNU C Library's fnmatch function implementation, affecting systems running glibc versions prior to 2.22. This issue manifests as a context-dependent denial of service condition that can be exploited by remote attackers to crash applications relying on the affected library. The vulnerability stems from improper input validation within the fnmatch function, which is commonly used for pattern matching operations in Unix-like operating systems. When processing malformed patterns, the function fails to properly bounds-check array accesses, leading to memory access violations that result in application crashes.
The technical root cause of this vulnerability lies in an out-of-bounds read condition that occurs during pattern parsing operations. The fnmatch function, which implements shell-style pattern matching according to POSIX standards, does not adequately validate the structure of input patterns before processing them. This flaw allows attackers to craft patterns that cause the function to access memory locations beyond the allocated buffer boundaries. Such out-of-bounds memory access typically results in segmentation faults or access violations that terminate the executing process. The vulnerability is particularly concerning because fnmatch is a fundamental C library function used by numerous applications and system utilities, making it a prime target for exploitation.
From an operational impact perspective, this vulnerability can be leveraged to perform denial of service attacks against applications that utilize the fnmatch function. Attackers can exploit this weakness by submitting maliciously formatted patterns to services that perform pattern matching operations, potentially causing system instability or complete service disruption. The vulnerability affects a wide range of applications including shell utilities, configuration management tools, and network services that rely on glibc's pattern matching capabilities. Given the widespread use of glibc across Linux distributions and Unix-like systems, the potential impact spans numerous platforms and service types, making this a significant security concern for system administrators and security professionals.
The vulnerability aligns with CWE-129, which addresses improper validation of array index values, and can be mapped to ATT&CK technique T1499.004 for network denial of service attacks. Organizations should prioritize patching affected systems to mitigate this risk, as the fix involves updating to glibc version 2.22 or later where proper bounds checking has been implemented. Security measures should include monitoring for unusual pattern matching operations and implementing input validation controls at application layers to provide additional defense-in-depth. System administrators should also consider implementing automated patch management processes to ensure timely deployment of security updates and prevent exploitation of this and similar vulnerabilities in their environments.
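One way to apply the version-based mitigation described above, as an added example (not code from MITRE, VulDB or the glibc project): a C check that compares the loaded glibc against 2.22, and a wrapper that refuses untrusted patterns when the library is older or cannot be identified. The names `glibc_predates_fix` and `guarded_fnmatch`, the result codes and the sample pattern are hypothetical and chosen for illustration.

```c
#include <ctype.h>
#include <fnmatch.h>
#include <stdio.h>
#include <stdlib.h>
#ifdef __GLIBC__
#include <gnu/libc-version.h>   /* gnu_get_libc_version() */
#endif

enum guard_result { G_MATCH, G_NOMATCH, G_ERROR, G_REFUSED };

/* 1 = older than 2.22 (the fixed release named in the advisory),
 * 0 = 2.22 or later, -1 = version string could not be parsed. */
int glibc_predates_fix(const char *version)
{
    char *end;
    if (version == NULL || !isdigit((unsigned char)version[0]))
        return -1;
    long major = strtol(version, &end, 10);
    if (*end != '.' || !isdigit((unsigned char)end[1]))
        return -1;
    long minor = strtol(end + 1, NULL, 10);
    if (major != 2)
        return major < 2;
    return minor < 22;
}

/* Hypothetical wrapper: patterns from untrusted input are refused unless the
 * runtime is known to be 2.22 or later (unknown versions fail closed). */
enum guard_result guarded_fnmatch(const char *runtime_version,
                                  const char *pattern, const char *string,
                                  int pattern_is_trusted)
{
    if (!pattern_is_trusted && glibc_predates_fix(runtime_version) != 0)
        return G_REFUSED;
    int rc = fnmatch(pattern, string, 0);
    return rc == 0 ? G_MATCH : rc == FNM_NOMATCH ? G_NOMATCH : G_ERROR;
}

int main(void)
{
    const char *v = NULL;
#ifdef __GLIBC__
    v = gnu_get_libc_version();   /* version of the library actually loaded */
#endif
    printf("runtime glibc: %s, predates fix: %d\n",
           v ? v : "unknown", glibc_predates_fix(v));
    /* Constructed sample: a benign pattern as if received from a client. */
    printf("guarded result: %d\n", guarded_fnmatch(v, "*.conf", "app.conf", 0));
    return 0;
}
```

Distributions often backport fixes without changing the upstream version number, so a result of 1 from `glibc_predates_fix` means the vendor's advisory for that package should be checked, not that the library is necessarily unpatched.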