CVE-2017-1000366

EUVD-2017-1525
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
redhatenterprise_linux
6.0
redhatenterprise_linux
7.0
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
6.6
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
5.9
redhatenterprise_linux_server_aus
6.2
redhatenterprise_linux_server_aus
6.4
redhatenterprise_linux_server_aus
6.5
redhatenterprise_linux_server_aus
6.6
redhatenterprise_linux_server_aus
7.2
redhatenterprise_linux_server_aus
7.3
redhatenterprise_linux_server_aus
7.4
redhatenterprise_linux_server_aus
7.6
redhatenterprise_linux_server_eus
6.2
redhatenterprise_linux_server_eus
6.5
redhatenterprise_linux_server_eus
6.7
redhatenterprise_linux_server_eus
7.2
redhatenterprise_linux_server_eus
7.3
redhatenterprise_linux_server_eus
7.4
redhatenterprise_linux_server_eus
7.5
redhatenterprise_linux_server_eus
7.6
redhatenterprise_linux_server_long_life
5.9
redhatenterprise_linux_server_tus
6.5
redhatenterprise_linux_server_tus
6.6
redhatenterprise_linux_server_tus
7.2
redhatenterprise_linux_server_tus
7.3
redhatenterprise_linux_server_tus
7.6
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
7.0
novellsuse_linux_enterprise_desktop
12.0:sp2
novellsuse_linux_enterprise_point_of_sale
11.0:sp3
novellsuse_linux_enterprise_server
11.0:sp3
opensuseleap
42.2
suselinux_enterprise_software_development_kit
11.0:sp4
suselinux_enterprise_software_development_kit
12.0:sp2
gnuglibc
𝑥
≤ 2.25
debiandebian_linux
8.0
debiandebian_linux
9.0
mcafeeweb_gateway
𝑥
≤ 7.6.2.14
mcafeeweb_gateway
7.7.0.0 ≤
𝑥
≤ 7.7.2.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glibc
bookworm
2.36-9+deb12u8
fixed
bookworm (security)
2.36-9+deb12u7
fixed
bullseye
2.31-13+deb11u11
fixed
bullseye (security)
2.31-13+deb11u10
fixed
sid
2.40-3
fixed
trixie
2.40-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eglibc
trusty
Fixed 2.19-0ubuntu6.13
released
xenial
dne
yakkety
dne
zesty
dne
glibc
trusty
dne
xenial
Fixed 2.23-0ubuntu9
released
yakkety
Fixed 2.24-3ubuntu2.2
released
zesty
Fixed 2.24-9ubuntu2.2
released
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
http://seclists.org/fulldisclosure/2019/Sep/7
http://www.debian.org/security/2017/dsa-3887
http://www.securityfocus.com/bid/99127
http://www.securitytracker.com/id/1038712
https://access.redhat.com/errata/RHSA-2017:1479
https://access.redhat.com/errata/RHSA-2017:1480
https://access.redhat.com/errata/RHSA-2017:1481
https://access.redhat.com/errata/RHSA-2017:1567
https://access.redhat.com/errata/RHSA-2017:1712
https://access.redhat.com/security/cve/CVE-2017-1000366
https://kc.mcafee.com/corporate/index?page=content&id=SB10205
https://seclists.org/bugtraq/2019/Sep/7
https://security.gentoo.org/glsa/201706-19
https://www.exploit-db.com/exploits/42274/
https://www.exploit-db.com/exploits/42275/
https://www.exploit-db.com/exploits/42276/
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
https://www.suse.com/security/cve/CVE-2017-1000366/
https://www.suse.com/support/kb/doc/?id=7020973
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
http://seclists.org/fulldisclosure/2019/Sep/7
http://www.debian.org/security/2017/dsa-3887
http://www.securityfocus.com/bid/99127
http://www.securitytracker.com/id/1038712
https://access.redhat.com/errata/RHSA-2017:1479
https://access.redhat.com/errata/RHSA-2017:1480
https://access.redhat.com/errata/RHSA-2017:1481
https://access.redhat.com/errata/RHSA-2017:1567
https://access.redhat.com/errata/RHSA-2017:1712
https://access.redhat.com/security/cve/CVE-2017-1000366
https://kc.mcafee.com/corporate/index?page=content&id=SB10205
https://seclists.org/bugtraq/2019/Sep/7
https://security.gentoo.org/glsa/201706-19
https://www.exploit-db.com/exploits/42274/
https://www.exploit-db.com/exploits/42275/
https://www.exploit-db.com/exploits/42276/
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
https://www.suse.com/security/cve/CVE-2017-1000366/
https://www.suse.com/support/kb/doc/?id=7020973