CVE-2022-23218
📋 TL;DR
A buffer overflow vulnerability in glibc's sunrpc module allows attackers to execute arbitrary code or cause denial of service. This affects applications using the deprecated svcunix_create function on systems with glibc versions up to 2.34. The vulnerability is particularly dangerous when applications are compiled without stack protection.
💻 Affected Systems
- GNU C Library (glibc)
📦 What is this software?
Communications Cloud Native Core Unified Data Repository by Oracle
Glibc by Gnu
The GNU C Library (glibc) is the core C library for Linux systems, providing essential system calls and basic functions for all C programs. It is a fundamental component that nearly every Linux application depends on.
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with root privileges if exploited in internet-facing services using the vulnerable function without stack protection.
Likely Case
Denial of service crashes in applications using the deprecated sunrpc functionality, potentially leading to service disruption.
If Mitigated
Limited impact due to the function being deprecated and many modern applications not using it, with stack protectors preventing code execution.
🎯 Exploit Status
Exploitation requires targeting applications that use the vulnerable function. The buffer overflow is straightforward but requires specific application conditions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: glibc 2.35 and later
Vendor Advisory: https://sourceware.org/bugzilla/show_bug.cgi?id=28768
Restart Required: Yes
Instructions:
1. Update glibc to version 2.35 or later using your distribution's package manager.
2. For Debian/Ubuntu: sudo apt update && sudo apt upgrade libc6
3. For RHEL/CentOS: sudo yum update glibc
4. Reboot or restart affected services.
🔧 Temporary Workarounds
Disable vulnerable applications
Identify and disable applications using the deprecated svcunix_create function
Use ldd and strace to identify applications linking to sunrpc
Check for RPC service usage: rpcinfo -p
Compile with stack protection
Ensure all applications are compiled with stack protection enabled (-fstack-protector)
Add -fstack-protector-all to CFLAGS in build configurations
🧯 If You Can't Patch
- Implement strict network controls to limit access to services using sunrpc
- Monitor for crashes or abnormal behavior in applications that might use the deprecated function
🔍 How to Verify
Check if Vulnerable:
Check glibc version: ldd --version | head -1. If version is 2.34 or earlier, check if any applications use sunrpc: ldd /path/to/binary | grep libc.so
Check Version:
ldd --version | head -1
Verify Fix Applied:
Verify glibc version is 2.35 or later: ldd --version | head -1
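The version check above, plus a symbol scan, as a small shell helper (an added example, not taken from the advisory or from glibc). It assumes POSIX sh and binutils `nm`; note that `ldd /path/to/binary | grep libc.so` matches every dynamically linked program, so the helper looks for the `svcunix_create` import specifically.

```shell
#!/bin/sh
# Added example, not part of the advisory or of glibc itself.
# Assumptions: POSIX sh, binutils `nm` present, binaries dynamically linked.
# Distribution backports may fix CVE-2022-23218 without moving 2.34 -> 2.35,
# so treat the version check as a first filter and confirm with your vendor advisory.

# First line of `ldd --version` -> "MAJOR.MINOR", e.g.
# "ldd (GNU libc) 2.34" -> 2.34, "ldd (Ubuntu GLIBC 2.35-0ubuntu3) 2.35" -> 2.35
parse_glibc_version() {
    printf '%s\n' "$1" | awk 'NR == 1 { print $NF }'
}

# Succeeds (exit 0) when the version is 2.34 or earlier, the range the
# advisory gives as affected; the fix shipped in 2.35.
glibc_is_affected() {
    case $1 in *.*) ;; *) return 2 ;; esac   # unparsable input
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -le 34 ]; }
}

# Print executables under $1 that import svcunix_create from the shared libc.
# `ldd | grep libc.so` matches every dynamic binary; checking the undefined
# symbol table (nm -D) shows which ones actually call the vulnerable function.
# Statically linked binaries embed sunrpc and need `nm` without -D or a rebuild.
find_svcunix_users() {
    find "$1" -type f -perm -100 2>/dev/null | while read -r f; do
        if nm -D "$f" 2>/dev/null | grep -q ' U svcunix_create'; then
            printf '%s\n' "$f"
        fi
    done
}

# Tie both checks together for the running host (default scan root: /usr/sbin).
check_host() {
    root=${1:-/usr/sbin}
    ver=$(parse_glibc_version "$(ldd --version 2>/dev/null | head -1)")
    if glibc_is_affected "$ver"; then
        printf 'glibc %s is in the affected range; scanning %s for svcunix_create users\n' "$ver" "$root"
        find_svcunix_users "$root"
    else
        printf 'glibc %s is 2.35 or later; not affected by CVE-2022-23218\n' "$ver"
    fi
}
```

Run `check_host /usr/sbin` (or another directory) on the host; an empty scan result on an affected glibc means no dynamically linked executable there imports the vulnerable function, though the library itself still wants the update.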
📡 Detection & Monitoring
Log Indicators:
- Application crashes with segmentation faults
- Core dumps from services using RPC/sunrpc
Network Indicators:
- Unusual RPC traffic patterns
- Exploit attempts targeting portmapper or RPC services
SIEM Query:
source="application_logs" AND ("segmentation fault" OR "core dumped") AND process="*rpc*"
🔗 References
- https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html
- https://security.gentoo.org/glsa/202208-24
- https://sourceware.org/bugzilla/show_bug.cgi?id=28768
- https://www.oracle.com/security-alerts/cpujul2022.html