CVSS3: 5.5 Medium

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | NONE |

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS2: 2.1 Low

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

The GNU C Library is vulnerable to arbitrary code execution. An attacker could use the unsanitized `LD_POINTER_GUARD` environment variable to bypass the pointer guarding protection on set-user-ID or set-group-ID programs and execute arbitrary code with the permissions of the user running the application. The affected function is `process_envvars` in the file `elf/rtld.c`.

CPE

Name | Operator | Version |
---|---|---|
glibc | eq | 2.17__157.el7_3.2 |
glibc | eq | 2.17__157.el7_3.1 |
glibc | eq | 2.17__157.el7_3.4 |
glibc | eq | 2.17__157.el7_3.2 |
glibc | eq | 2.17__157.el7_3.1 |
glibc | eq | 2.17__157.el7_3.4 |

hmarco.org/bugs/glibc_ptr_mangle_weakness.html
lists.fedoraproject.org/pipermail/package-announce/2016-February/177404.html
lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html
lists.opensuse.org/opensuse-security-announce/2016-02/msg00037.html
lists.opensuse.org/opensuse-security-announce/2016-02/msg00038.html
lists.opensuse.org/opensuse-security-announce/2016-02/msg00039.html
www.debian.org/security/2016/dsa-3480
www.openwall.com/lists/oss-security/2016/01/20/1
www.securityfocus.com/bid/81469
www.securitytracker.com/id/1034811
www.ubuntu.com/usn/USN-2985-1
www.ubuntu.com/usn/USN-2985-2
access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html
access.redhat.com/errata/RHSA-2017:1916
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1213603
bugzilla.redhat.com/show_bug.cgi?id=1298975
bugzilla.redhat.com/show_bug.cgi?id=1318877
bugzilla.redhat.com/show_bug.cgi?id=1318890
bugzilla.redhat.com/show_bug.cgi?id=1322544
bugzilla.redhat.com/show_bug.cgi?id=1324568
bugzilla.redhat.com/show_bug.cgi?id=1325138
bugzilla.redhat.com/show_bug.cgi?id=1330705
bugzilla.redhat.com/show_bug.cgi?id=1338672
bugzilla.redhat.com/show_bug.cgi?id=1366569
bugzilla.redhat.com/show_bug.cgi?id=1370630
bugzilla.redhat.com/show_bug.cgi?id=1387874
bugzilla.redhat.com/show_bug.cgi?id=1392540
bugzilla.redhat.com/show_bug.cgi?id=1404435
bugzilla.redhat.com/show_bug.cgi?id=1417205
bugzilla.redhat.com/show_bug.cgi?id=1418978
bugzilla.redhat.com/show_bug.cgi?id=1421155
bugzilla.redhat.com/show_bug.cgi?id=1439165
bugzilla.redhat.com/show_bug.cgi?id=906468
security.gentoo.org/glsa/201702-11
sourceware.org/bugzilla/show_bug.cgi?id=18928