CVE-2017-1000366

HIGH

Details

Source: MITRE

Published: 2017-06-19

Updated: 2020-10-15

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:redhat:enterprise_linux:5:*:server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:6.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_long_life:5.9:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:openstack:cloud_magnum_orchestration:7:*:*:*:*:*:*:*

cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp2:*:*:*:*:*:*

cpe:2.3:o:novell:suse_linux_enterprise_point_of_sale:11.0:sp3:*:*:*:*:*:*

cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:ltss:*:*:*

cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_for_sap:12:sp1:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:ltss:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:ltss:*:*:*

cpe:2.3:o:suse:linux_enterprise_server_for_raspberry_pi:12:sp2:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:12.0:sp2:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* versions up to 2.25 (inclusive)

Configuration 4

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:* versions up to 7.6.2.14 (inclusive)

cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:* versions from 7.7.0.0 to 7.7.2.2 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 132248 | RancherOS < 1.0.3 Local Memory Corruption | Nessus | Misc. | high |
| 127325 | NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0099) | Nessus | NewStart CGSL Local Security Checks | critical |
| 127324 | NewStart CGSL MAIN 4.05 : glibc Multiple Vulnerabilities (NS-SA-2019-0099) | Nessus | NewStart CGSL Local Security Checks | high |
| 125004 | EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1551) | Nessus | Huawei Local Security Checks | critical |
| 121707 | Photon OS 1.0: Glibc PHSA-2017-0023 | Nessus | PhotonOS Local Security Checks | high |
| 121705 | Photon OS 1.0: Glibc PHSA-2017-0022 | Nessus | PhotonOS Local Security Checks | high |
| 121068 | Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917) | Nessus | Junos Local Security Checks | high |
| 111872 | Photon OS 1.0: Glibc / Shadow / Systemd / Wget PHSA-2017-0023 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 111871 | Photon OS 1.0: Glibc / Linux PHSA-2017-0022 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 110057 | F5 Networks BIG-IP : glibc vulnerability (K20486351) (Stack Clash) | Nessus | F5 Networks Local Security Checks | high |
| 104100 | Juniper Junos Space < 17.1R1 Multiple Vulnerabilities (JSA10826) | Nessus | Junos Local Security Checks | high |
| 102496 | McAfee Web Gateway 7.6.x < 7.6.2.15 / 7.7.x < 7.7.2.3 Multiple Vulnerabilities (SB10205) | Nessus | Misc. | critical |
| 102234 | EulerOS 2.0 SP2 : glibc (EulerOS-SA-2017-1147) | Nessus | Huawei Local Security Checks | high |
| 102233 | EulerOS 2.0 SP1 : glibc (EulerOS-SA-2017-1146) | Nessus | Huawei Local Security Checks | high |
| 102062 | OracleVM 3.2 : glibc (OVMSA-2017-0124) (Stack Clash) | Nessus | OracleVM Local Security Checks | high |
| 101731 | Fedora 26 : glibc (2017-d80ab96e61) (Stack Clash) | Nessus | Fedora Local Security Checks | high |
| 101482 | Virtuozzo 7 : glibc / glibc-common / glibc-devel / glibc-headers / etc (VZLSA-2017-1481) | Nessus | Virtuozzo Local Security Checks | high |
| 101481 | Virtuozzo 6 : glibc / glibc-common / glibc-devel / glibc-headers / etc (VZLSA-2017-1480) | Nessus | Virtuozzo Local Security Checks | high |
| 101169 | Slackware 14.2 / current : glibc (SSA:2017-181-01) (Stack Clash) | Nessus | Slackware Local Security Checks | high |
| 101148 | Ubuntu 12.04 LTS : eglibc vulnerability (USN-3323-2) (Stack Clash) | Nessus | Ubuntu Local Security Checks | high |
| 101126 | openSUSE Security Update : glibc (openSUSE-2017-715) (Stack Clash) | Nessus | SuSE Local Security Checks | high |
| 101069 | Fedora 24 : glibc (2017-698daef73c) (Stack Clash) | Nessus | Fedora Local Security Checks | high |
| 101015 | Fedora 25 : glibc (2017-79414fefa1) (Stack Clash) | Nessus | Fedora Local Security Checks | high |
| 100945 | GLSA-201706-19 : GNU C Library: Multiple vulnerabilities (Stack Clash) | Nessus | Gentoo Local Security Checks | high |
| 100936 | CentOS 7 : glibc (CESA-2017:1481) (Stack Clash) | Nessus | CentOS Local Security Checks | high |
| 100935 | CentOS 6 : glibc (CESA-2017:1480) (Stack Clash) | Nessus | CentOS Local Security Checks | high |
| 100921 | Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : eglibc, glibc vulnerability (USN-3323-1) (Stack Clash) | Nessus | Ubuntu Local Security Checks | high |
| 100918 | SUSE SLES11 Security Update : glibc (SUSE-SU-2017:1621-1) (Stack Clash) | Nessus | SuSE Local Security Checks | high |
| 100917 | SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2017:1619-1) (Stack Clash) | Nessus | SuSE Local Security Checks | high |
| 100913 | SUSE SLES12 Security Update : glibc (SUSE-SU-2017:1614-1) (Stack Clash) | Nessus | SuSE Local Security Checks | high |
| 100911 | SUSE SLES12 Security Update : glibc (SUSE-SU-2017:1611-1) (Stack Clash) | Nessus | SuSE Local Security Checks | high |
| 100904 | Scientific Linux Security Update : glibc on SL7.x x86_64 (20170619) (Stack Clash) | Nessus | Scientific Linux Local Security Checks | high |
| 100903 | Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20170619) (Stack Clash) | Nessus | Scientific Linux Local Security Checks | high |
| 100892 | RHEL 7 : glibc (RHSA-2017:1481) (Stack Clash) | Nessus | Red Hat Local Security Checks | high |
| 100891 | RHEL 6 : glibc (RHSA-2017:1480) (Stack Clash) | Nessus | Red Hat Local Security Checks | high |
| 100890 | RHEL 6 / 7 : glibc (RHSA-2017:1479) (Stack Clash) | Nessus | Red Hat Local Security Checks | high |
| 100887 | Oracle Linux 7 : glibc (ELSA-2017-1481) (Stack Clash) | Nessus | Oracle Linux Local Security Checks | high |
| 100886 | Oracle Linux 6 : glibc (ELSA-2017-1480) (Stack Clash) | Nessus | Oracle Linux Local Security Checks | high |
| 100878 | Debian DSA-3887-1 : glibc - security update (Stack Clash) | Nessus | Debian Local Security Checks | high |
| 100875 | Debian DLA-992-1 : eglibc security update (Stack Clash) | Nessus | Debian Local Security Checks | high |
| 100873 | Amazon Linux AMI : glibc (ALAS-2017-844) (Stack Clash) | Nessus | Amazon Linux Local Security Checks | high |