CVE-2017-15671 in C Library

Summary

by MITRE

The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).


Analysis

by VulDB Data Team • 11/27/2019

The vulnerability identified as CVE-2017-15671 is a critical memory management flaw in the GNU C Library that affects systems running versions prior to 2.27. It lies in the glob function in glob.c, which performs the pattern matching used in shell expansions and file system operations. The flaw is triggered when the GLOB_TILDE flag is used, which enters a code path that fails to release allocated memory. It is particularly concerning because it sits in a fundamental system library that countless applications depend on, which makes it a potential attack vector across many software domains.

The technical root cause is improper memory deallocation in the glob function when it processes tilde expansion with extended user names. When GLOB_TILDE is specified, the function expands the ~ character to the user's home directory, but because of a flaw in the memory management code, the memory allocated while processing a long user name is not consistently freed. The leak occurs in an iterative processing pattern in which each iteration allocates memory for user-name handling but fails to release the previous allocation. The vulnerability is classified as a memory leak under CWE-401, specifically an insufficient cleanup of memory resources. It has the characteristics of a resource leak that can be exploited to consume system memory over time, potentially leading to system instability or a denial of service condition.

The operational impact extends beyond simple memory consumption, because the flaw can be leveraged to perform denial of service attacks against systems running vulnerable glibc versions. Attackers can craft input patterns that trigger the leak repeatedly, causing progressive memory exhaustion on the targeted system. Any application that calls the glob function with the GLOB_TILDE flag is affected, which includes shell utilities, file managers, system administration tools and numerous other programs that depend on standard C library functions. The implications are most severe in server environments that continuously process user input, where the leak accumulates until system resources are exhausted. From an adversarial perspective, the vulnerability aligns with ATT&CK technique T1499.004 for Network Denial of Service and can be classified under ATT&CK tactic TA0040 for Resource Hijacking, since it consumes system resources to degrade service availability.

System administrators and security professionals should prioritize immediate patching of all systems running glibc versions prior to 2.27, as the vulnerability can be exploited without authentication and requires no special privileges to trigger. The mitigation is to update to glibc version 2.27 or later, which contains the fix that ensures proper memory cleanup during tilde expansion. Organizations should also monitor for unusual memory consumption patterns that might indicate exploitation attempts, particularly on systems that pass user input to glob functions. Regular security assessments should verify that all system libraries are at their latest secure versions, since this class of flaw is a common vector for attackers seeking to disrupt system availability. The fix in glibc 2.27 ensures that memory is deallocated regardless of user name length, eliminating the conditions that led to the leak.
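As an added check (not part of the VulDB entry and not glibc's own test code), the harness below exercises the ~user path with GLOB_TILDE using a constructed, over-long user name and always releases results with globfree(), so that running it under valgrind or a leak sanitizer on a pre-2.27 glibc shows whether glob() itself retains memory; the 128 KiB name length and the /proc/self/statm RSS sampling are assumptions of this example.

```c
#include <glob.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* "~<name>/*" with a constructed name of name_len 'x' characters; no such user exists. */
char *build_long_tilde_pattern(size_t name_len) {
    char *pat = malloc(name_len + 4);          /* '~' + name + "/*" + NUL */
    if (pat == NULL) return NULL;
    pat[0] = '~';
    memset(pat + 1, 'x', name_len);
    memcpy(pat + 1 + name_len, "/*", 3);
    return pat;
}
/* One glob() with GLOB_TILDE; the result set is always released, so growth across calls originates inside glob(). */
int glob_tilde_once(const char *pattern) {
    glob_t g;
    memset(&g, 0, sizeof g);
    int rc = glob(pattern, GLOB_TILDE, NULL, &g);
    globfree(&g);                              /* glibc's globfree tolerates an empty set */
    return rc;
}
/* Resident pages from /proc/self/statm (Linux), or -1 if unavailable. */
long rss_pages(void) {
    long size = 0, resident = -1;
    FILE *f = fopen("/proc/self/statm", "r");
    if (f == NULL) return -1;
    if (fscanf(f, "%ld %ld", &size, &resident) != 2) resident = -1;
    fclose(f);
    return resident;
}
/* Repeat the ~user expansion; returns the status of the last glob() call
   (GLOB_NOMATCH is expected, the name matches no user) or -1 if the pattern could not be built. */
int probe_tilde_leak(size_t name_len, int iterations, long *rss_delta) {
    char *pat = build_long_tilde_pattern(name_len);
    if (pat == NULL) return -1;
    long before = rss_pages();
    int rc = -1;
    for (int i = 0; i < iterations; i++) rc = glob_tilde_once(pat);
    long after = rss_pages();
    if (rss_delta) *rss_delta = (before < 0 || after < 0) ? -1 : after - before;
    free(pat);
    return rc;
}
int main(void) {
    long delta = 0;                            /* name length is an assumption, see lead-in */
    int rc = probe_tilde_leak(128 * 1024, 1000, &delta);
    printf("glob status %d, RSS growth %ld pages over 1000 calls\n", rc, delta);
    return rc == GLOB_NOMATCH ? 0 : 1;
}
```

A fixed glibc should show no sustained RSS growth as the iteration count is raised; a steadily rising figure, or a valgrind "definitely lost" report, points at a leaking library build.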

Reservation

10/20/2017

Disclosure

10/20/2017

Moderation

accepted

CPE

ready

EPSS

0.00231

KEV

no

Activities

very low
