Lucene search

K
cveMitreCVE-2017-1000366
HistoryJun 19, 2017 - 4:29 p.m.

CVE-2017-1000366

2017-06-1916:29:00
CWE-119
mitre
web.nvd.nist.gov
233
glibc
vulnerability
ld_library_path
heap
stack
arbitrary code execution
nvd
cve-2017-1000366

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

26.8%

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.

Affected configurations

Nvd
Node
redhatenterprise_linuxMatch5server
OR
redhatenterprise_linuxMatch6.0
OR
redhatenterprise_linuxMatch7.0
OR
redhatenterprise_linux_desktopMatch6.0
OR
redhatenterprise_linux_desktopMatch7.0
OR
redhatenterprise_linux_serverMatch6.0
OR
redhatenterprise_linux_serverMatch6.6
OR
redhatenterprise_linux_serverMatch7.0
OR
redhatenterprise_linux_server_ausMatch5.9
OR
redhatenterprise_linux_server_ausMatch6.2
OR
redhatenterprise_linux_server_ausMatch6.4
OR
redhatenterprise_linux_server_ausMatch6.5
OR
redhatenterprise_linux_server_ausMatch6.6
OR
redhatenterprise_linux_server_ausMatch7.2
OR
redhatenterprise_linux_server_ausMatch7.3
OR
redhatenterprise_linux_server_ausMatch7.4
OR
redhatenterprise_linux_server_ausMatch7.6
OR
redhatenterprise_linux_server_eusMatch6.2
OR
redhatenterprise_linux_server_eusMatch6.5
OR
redhatenterprise_linux_server_eusMatch6.7
OR
redhatenterprise_linux_server_eusMatch7.2
OR
redhatenterprise_linux_server_eusMatch7.3
OR
redhatenterprise_linux_server_eusMatch7.4
OR
redhatenterprise_linux_server_eusMatch7.5
OR
redhatenterprise_linux_server_eusMatch7.6
OR
redhatenterprise_linux_server_long_lifeMatch5.9
OR
redhatenterprise_linux_server_tusMatch6.5
OR
redhatenterprise_linux_server_tusMatch6.6
OR
redhatenterprise_linux_server_tusMatch7.2
OR
redhatenterprise_linux_server_tusMatch7.3
OR
redhatenterprise_linux_server_tusMatch7.6
OR
redhatenterprise_linux_workstationMatch6.0
OR
redhatenterprise_linux_workstationMatch7.0
Node
openstackcloud_magnum_orchestrationMatch7
OR
novellsuse_linux_enterprise_desktopMatch12.0sp2
OR
novellsuse_linux_enterprise_point_of_saleMatch11.0sp3
OR
novellsuse_linux_enterprise_serverMatch11.0sp3ltss
OR
opensuseleapMatch42.2
OR
suselinux_enterprise_for_sapMatch12sp1
OR
suselinux_enterprise_serverMatch10sp4ltss
OR
suselinux_enterprise_serverMatch11sp4
OR
suselinux_enterprise_serverMatch12sp1ltss
OR
suselinux_enterprise_serverMatch12sp2
OR
suselinux_enterprise_serverMatch12sp2ltss
OR
suselinux_enterprise_server_for_raspberry_piMatch12sp2
OR
suselinux_enterprise_software_development_kitMatch11.0sp4
OR
suselinux_enterprise_software_development_kitMatch12.0sp2
Node
gnuglibcRange2.25
Node
debiandebian_linuxMatch8.0
OR
debiandebian_linuxMatch9.0
Node
mcafeeweb_gatewayRange7.6.2.14
OR
mcafeeweb_gatewayRange7.7.0.07.7.2.2
VendorProductVersionCPE
redhatenterprise_linux5cpe:2.3:o:redhat:enterprise_linux:5:*:server:*:*:*:*:*
redhatenterprise_linux6.0cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
redhatenterprise_linux7.0cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_desktop6.0cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_desktop7.0cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_server6.0cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_server6.6cpe:2.3:o:redhat:enterprise_linux_server:6.6:*:*:*:*:*:*:*
redhatenterprise_linux_server7.0cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
redhatenterprise_linux_server_aus5.9cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
redhatenterprise_linux_server_aus6.2cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
Rows per page:
1-10 of 511

References

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

26.8%