Vulnerability Details : CVE-2017-1000366
Potential exploit
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
Vulnerability category: Overflow
Products affected by CVE-2017-1000366
- cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:ltss:*:*:*
- cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp2:*:*:*:*:*:*
- cpe:2.3:o:novell:suse_linux_enterprise_point_of_sale:11.0:sp3:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:5:*:server:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:6.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_long_life:5.9:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:ltss:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:ltss:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:12.0:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server_for_raspberry_pi:12:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_for_sap:12:sp1:*:*:*:*:*:*
- cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*
- cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:cloud_magnum_orchestration:7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-1000366
8.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-1000366
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2017-1000366
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-1000366
-
https://www.suse.com/security/cve/CVE-2017-1000366/
CVE-2017-1000366 | SUSEThird Party Advisory
-
http://seclists.org/fulldisclosure/2019/Sep/7
Full Disclosure: SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
-
https://access.redhat.com/errata/RHSA-2017:1481
RHSA-2017:1481 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:1567
RHSA-2017:1567 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:1480
RHSA-2017:1480 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securitytracker.com/id/1038712
Glibc Stack/Heap Memory Allocation Error Lets Local Users Gain Elevated Privileges - SecurityTrackerThird Party Advisory;VDB Entry
-
https://www.suse.com/support/kb/doc/?id=7020973
SUSE products and a new security bug class referred to as "Stack Clash". | Support | SUSEThird Party Advisory
-
https://access.redhat.com/security/cve/CVE-2017-1000366
CVE-2017-1000366 - Red Hat Customer PortalThird Party Advisory
-
https://security.gentoo.org/glsa/201706-19
GNU C Library: Multiple vulnerabilities (GLSA 201706-19) — Gentoo securityThird Party Advisory
-
https://seclists.org/bugtraq/2019/Sep/7
Bugtraq: SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X
-
https://www.exploit-db.com/exploits/42274/
Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege EscalationThird Party Advisory;VDB Entry
-
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
Cisco Device Hardcoded Credentials / GNU glibc / BusyBox ≈ Packet Storm
-
http://www.debian.org/security/2017/dsa-3887
Debian -- Security Information -- DSA-3887-1 glibcThird Party Advisory
-
https://www.exploit-db.com/exploits/42275/
Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege EscalationThird Party Advisory;VDB Entry
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10205
McAfee Security Bulletin - Web Gateway update fixes vulnerabilities CVE-2012-6706, CVE-2017-1000364, CVE-2017-1000366, and CVE-2017-1000368Patch;Third Party Advisory
-
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Technical Description;Third Party Advisory
-
https://www.exploit-db.com/exploits/42276/
Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege EscalationThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/99127
GNU glibc CVE-2017-1000366 Local Memory Corruption VulnerabilityThird Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2017:1479
RHSA-2017:1479 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:1712
RHSA-2017:1712 - Security Advisory - Red Hat Customer PortalThird Party Advisory
Jump to