Lucene search

K
ubuntucveUbuntu.comUB:CVE-2017-1000366
HistoryJun 19, 2017 - 12:00 a.m.

CVE-2017-1000366

2017-06-1900:00:00
ubuntu.com
ubuntu.com
44

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

26.8%

glibc contains a vulnerability that allows specially crafted
LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias,
potentially resulting in arbitrary code execution. Please note that
additional hardening changes have been made to glibc to prevent
manipulation of stack and heap memory but these issues are not directly
exploitable, as such they have not been given a CVE. This affects glibc
2.25 and earlier.

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarcheglibc< 2.19-0ubuntu6.13UNKNOWN
ubuntu16.04noarchglibc< 2.23-0ubuntu9UNKNOWN
ubuntu16.10noarchglibc< 2.24-3ubuntu2.2UNKNOWN
ubuntu17.04noarchglibc< 2.24-9ubuntu2.2UNKNOWN

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

26.8%