
CVE in glibc: Embedded Linux ELinOS not affected


Three critical security vulnerabilities have been discovered in the GNU C Library (glibc), a core component of Linux systems. SYSGO's Embedded Linux ELinOS is not affected.

The vulnerabilities can be used to gain root privileges locally. The affected function is __vsyslog_internal(), which is part of the syslog API. Applications use this API to log messages at different priority levels, and system administrators use those messages for monitoring and troubleshooting.

The vulnerability can be exploited to cause a heap-based buffer overflow. The following Bash command can be used to check whether a system is affected:

(exec -a "`printf '%0128000x' 1`" /usr/bin/su < /dev/null)
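
The check above prints nothing that says "affected" or "not affected", so the following added example (not part of the original article and not SYSGO code) wraps the same probe and interprets its exit status. The function names and the `--probe` switch are hypothetical, and reading a crash of the target as "affected" is an assumption the article does not state.

```bash
#!/usr/bin/env bash
# Added example: runs the article's long-argv[0] probe and classifies the result.
# Assumption (not stated in the article): a target killed by SIGSEGV, SIGABRT
# or SIGBUS means the heap overflow was triggered, i.e. the system is affected.

# Map a shell exit status to a verdict (hypothetical helper).
classify_status() {
    case "$1" in
        134|135|139) echo "crashed" ;;       # 128 + SIGABRT(6) / SIGBUS(7) / SIGSEGV(11)
        126|127)     echo "inconclusive" ;;  # target missing or not executable
        *)           echo "no-crash" ;;      # target ran and exited on its own
    esac
}

# Run <target> with an argv[0] of <len> hex digits and stdin from /dev/null,
# exactly as the one-liner does, then report the verdict.
probe_long_argv0() {
    local target="$1" len="${2:-128000}" name status
    name="$(printf "%0${len}x" 1)"
    status=0
    (
        ulimit -c 0                          # do not leave core files behind
        exec -a "$name" "$target" < /dev/null
    ) > /dev/null 2>&1 || status=$?
    classify_status "$status"
}

# Stand-alone use: ./check.sh --probe [/usr/bin/su]
if [ "${1:-}" = "--probe" ]; then
    probe_long_argv0 "${2:-/usr/bin/su}"
fi
```

A `no-crash` verdict only means this particular probe did not bring the target down; the installed glibc package version should still be compared against the distribution's security advisory.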

The vulnerability was found in several versions of Debian, Ubuntu and Fedora.

Learn more about the security concept of ELinOS here: www.sysgo.com/embedded-linux-security