CVE-2017-1000366
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD
Description
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
Affected (52)
Products: Redhat: Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Eus, Enterprise Linux Server Long Life, Enterprise Linux Server Tus, Enterprise Linux Workstation · Novell: Suse Linux Enterprise Desktop, Suse Linux Enterprise Point Of Sale, Suse Linux Enterprise Server · Openstack: Cloud Magnum Orchestration · +5 more
Show all products
Redhat: Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server Eus, Enterprise Linux Server Long Life, Enterprise Linux Server Tus, Enterprise Linux Workstation · Novell: Suse Linux Enterprise Desktop, Suse Linux Enterprise Point Of Sale, Suse Linux Enterprise Server · Openstack: Cloud Magnum Orchestration · Opensuse: Leap · Suse: Linux Enterprise For Sap, Linux Enterprise Server, Linux Enterprise Server For Raspberry Pi, Linux Enterprise Software Development Kit · Gnu: Glibc · Debian: Debian Linux · Mcafee: Web Gateway
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 5 | |
| Version 6.0 | |
| Version 6.0 | |
| Version 5.9 | |
| Version 6.2 | |
| Version 5.9 | |
| Version 6.5 | |
| Version 6.0 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 12.0 sp2 | |
| Version 11.0 sp3 | |
| Version 11.0 sp3 | |
| Version 7 | |
| Version 42.2 | |
| Version 12 sp1 | |
| Version 10 sp4 | |
| Version 12 sp2 | |
| Version 11.0 sp4 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 8.0 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 7.6.2.14 |
References (40)
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Technical DescriptionThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Technical DescriptionThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Timeline
No history available yet.