CVE-2017-1000366

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
redhatenterprise_linux
6.0
redhatenterprise_linux
7.0
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
6.6
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
5.9
redhatenterprise_linux_server_aus
6.2
redhatenterprise_linux_server_aus
6.4
redhatenterprise_linux_server_aus
6.5
redhatenterprise_linux_server_aus
6.6
redhatenterprise_linux_server_aus
7.2
redhatenterprise_linux_server_aus
7.3
redhatenterprise_linux_server_aus
7.4
redhatenterprise_linux_server_aus
7.6
redhatenterprise_linux_server_eus
6.2
redhatenterprise_linux_server_eus
6.5
redhatenterprise_linux_server_eus
6.7
redhatenterprise_linux_server_eus
7.2
redhatenterprise_linux_server_eus
7.3
redhatenterprise_linux_server_eus
7.4
redhatenterprise_linux_server_eus
7.5
redhatenterprise_linux_server_eus
7.6
redhatenterprise_linux_server_long_life
5.9
redhatenterprise_linux_server_tus
6.5
redhatenterprise_linux_server_tus
6.6
redhatenterprise_linux_server_tus
7.2
redhatenterprise_linux_server_tus
7.3
redhatenterprise_linux_server_tus
7.6
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
7.0
novellsuse_linux_enterprise_desktop
12.0:sp2
novellsuse_linux_enterprise_point_of_sale
11.0:sp3
novellsuse_linux_enterprise_server
11.0:sp3
opensuseleap
42.2
suselinux_enterprise_software_development_kit
11.0:sp4
suselinux_enterprise_software_development_kit
12.0:sp2
gnuglibc
𝑥
≤ 2.25
debiandebian_linux
8.0
debiandebian_linux
9.0
mcafeeweb_gateway
𝑥
≤ 7.6.2.14
mcafeeweb_gateway
7.7.0.0 ≤
𝑥
≤ 7.7.2.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glibc
bullseye
2.31-13+deb11u11
fixed
bullseye (security)
2.31-13+deb11u10
fixed
bookworm
2.36-9+deb12u8
fixed
bookworm (security)
2.36-9+deb12u7
fixed
sid
2.40-3
fixed
trixie
2.40-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eglibc
zesty
dne
yakkety
dne
xenial
dne
trusty
Fixed 2.19-0ubuntu6.13
released
glibc
zesty
Fixed 2.24-9ubuntu2.2
released
yakkety
Fixed 2.24-3ubuntu2.2
released
xenial
Fixed 2.23-0ubuntu9
released
trusty
dne
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
http://seclists.org/fulldisclosure/2019/Sep/7
http://www.debian.org/security/2017/dsa-3887
http://www.securityfocus.com/bid/99127
http://www.securitytracker.com/id/1038712
https://access.redhat.com/errata/RHSA-2017:1479
https://access.redhat.com/errata/RHSA-2017:1480
https://access.redhat.com/errata/RHSA-2017:1481
https://access.redhat.com/errata/RHSA-2017:1567
https://access.redhat.com/errata/RHSA-2017:1712
https://access.redhat.com/security/cve/CVE-2017-1000366
https://kc.mcafee.com/corporate/index?page=content&id=SB10205
https://seclists.org/bugtraq/2019/Sep/7
https://security.gentoo.org/glsa/201706-19
https://www.exploit-db.com/exploits/42274/
https://www.exploit-db.com/exploits/42275/
https://www.exploit-db.com/exploits/42276/
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
https://www.suse.com/security/cve/CVE-2017-1000366/
https://www.suse.com/support/kb/doc/?id=7020973
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
http://seclists.org/fulldisclosure/2019/Sep/7
http://www.debian.org/security/2017/dsa-3887
http://www.securityfocus.com/bid/99127
http://www.securitytracker.com/id/1038712
https://access.redhat.com/errata/RHSA-2017:1479
https://access.redhat.com/errata/RHSA-2017:1480
https://access.redhat.com/errata/RHSA-2017:1481
https://access.redhat.com/errata/RHSA-2017:1567
https://access.redhat.com/errata/RHSA-2017:1712
https://access.redhat.com/security/cve/CVE-2017-1000366
https://kc.mcafee.com/corporate/index?page=content&id=SB10205
https://seclists.org/bugtraq/2019/Sep/7
https://security.gentoo.org/glsa/201706-19
https://www.exploit-db.com/exploits/42274/
https://www.exploit-db.com/exploits/42275/
https://www.exploit-db.com/exploits/42276/
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
https://www.suse.com/security/cve/CVE-2017-1000366/
https://www.suse.com/support/kb/doc/?id=7020973