CVE-2017-1000366

HIGH

Description

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory, but these issues are not directly exploitable; as such, they have not been given a CVE. This affects glibc 2.25 and earlier.

References

http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html

http://seclists.org/fulldisclosure/2019/Sep/7

http://www.debian.org/security/2017/dsa-3887

http://www.securityfocus.com/bid/99127

http://www.securitytracker.com/id/1038712

https://access.redhat.com/errata/RHSA-2017:1479

https://access.redhat.com/errata/RHSA-2017:1480

https://access.redhat.com/errata/RHSA-2017:1481

https://access.redhat.com/errata/RHSA-2017:1567

https://access.redhat.com/errata/RHSA-2017:1712

https://access.redhat.com/security/cve/CVE-2017-1000366

https://kc.mcafee.com/corporate/index?page=content&id=SB10205

https://seclists.org/bugtraq/2019/Sep/7

https://security.gentoo.org/glsa/201706-19

https://www.exploit-db.com/exploits/42274/

https://www.exploit-db.com/exploits/42275/

https://www.exploit-db.com/exploits/42276/

https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

https://www.suse.com/security/cve/CVE-2017-1000366/

https://www.suse.com/support/kb/doc/?id=7020973

Details

Source: MITRE

Published: 2017-06-19

Updated: 2020-10-15

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:redhat:enterprise_linux:5:*:server:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:6.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_long_life:5.9:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:openstack:cloud_magnum_orchestration:7:*:*:*:*:*:*:*

cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp2:*:*:*:*:*:*

cpe:2.3:o:novell:suse_linux_enterprise_point_of_sale:11.0:sp3:*:*:*:*:*:*

cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:ltss:*:*:*

cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_for_sap:12:sp1:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:ltss:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:12:sp2:*:*:ltss:*:*:*

cpe:2.3:o:suse:linux_enterprise_server_for_raspberry_pi:12:sp2:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_software_development_kit:12.0:sp2:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* versions up to 2.25 (inclusive)

Configuration 4

OR

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 5

OR

cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:* versions up to 7.6.2.14 (inclusive)

cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:* versions from 7.7.0.0 to 7.7.2.2 (inclusive)

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 132248 | RancherOS < 1.0.3 Local Memory Corruption | Nessus | Misc. | high |
| 127325 | NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0099) | Nessus | NewStart CGSL Local Security Checks | critical |
| 127324 | NewStart CGSL MAIN 4.05 : glibc Multiple Vulnerabilities (NS-SA-2019-0099) | Nessus | NewStart CGSL Local Security Checks | critical |
| 125004 | EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1551) | Nessus | Huawei Local Security Checks | high |
| 121707 | Photon OS 1.0: Glibc PHSA-2017-0023 | Nessus | PhotonOS Local Security Checks | high |
| 121705 | Photon OS 1.0: Glibc PHSA-2017-0022 | Nessus | PhotonOS Local Security Checks | high |
| 121068 | Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917) | Nessus | Junos Local Security Checks | high |
| 111872 | Photon OS 1.0: Glibc / Shadow / Systemd / Wget PHSA-2017-0023 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 111871 | Photon OS 1.0: Glibc / Linux PHSA-2017-0022 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
| 110057 | F5 Networks BIG-IP : glibc vulnerability (K20486351) (Stack Clash) | Nessus | F5 Networks Local Security Checks | high |
| 104100 | Juniper Junos Space < 17.1R1 Multiple Vulnerabilities (JSA10826) | Nessus | Junos Local Security Checks | high |
| 102496 | McAfee Web Gateway 7.6.x < 7.6.2.15 / 7.7.x < 7.7.2.3 Multiple Vulnerabilities (SB10205) | Nessus | Misc. | critical |
| 102234 | EulerOS 2.0 SP2 : glibc (EulerOS-SA-2017-1147) | Nessus | Huawei Local Security Checks | high |
| 102233 | EulerOS 2.0 SP1 : glibc (EulerOS-SA-2017-1146) | Nessus | Huawei Local Security Checks | high |
| 102062 | OracleVM 3.2 : glibc (OVMSA-2017-0124) (Stack Clash) | Nessus | OracleVM Local Security Checks | high |
| 101731 | Fedora 26 : glibc (2017-d80ab96e61) (Stack Clash) | Nessus | Fedora Local Security Checks | high |
| 101482 | Virtuozzo 7 : glibc / glibc-common / glibc-devel / glibc-headers / etc (VZLSA-2017-1481) | Nessus | Virtuozzo Local Security Checks | high |
| 101481 | Virtuozzo 6 : glibc / glibc-common / glibc-devel / glibc-headers / etc (VZLSA-2017-1480) | Nessus | Virtuozzo Local Security Checks | high |
| 101169 | Slackware 14.2 / current : glibc (SSA:2017-181-01) (Stack Clash) | Nessus | Slackware Local Security Checks | high |
| 101148 | Ubuntu 12.04 LTS : eglibc vulnerability (USN-3323-2) (Stack Clash) | Nessus | Ubuntu Local Security Checks | high |
| 101126 | openSUSE Security Update : glibc (openSUSE-2017-715) (Stack Clash) | Nessus | SuSE Local Security Checks | high |
| 101069 | Fedora 24 : glibc (2017-698daef73c) (Stack Clash) | Nessus | Fedora Local Security Checks | high |
| 101015 | Fedora 25 : glibc (2017-79414fefa1) (Stack Clash) | Nessus | Fedora Local Security Checks | high |
| 100945 | GLSA-201706-19 : GNU C Library: Multiple vulnerabilities (Stack Clash) | Nessus | Gentoo Local Security Checks | high |
| 100936 | CentOS 7 : glibc (CESA-2017:1481) (Stack Clash) | Nessus | CentOS Local Security Checks | high |
| 100935 | CentOS 6 : glibc (CESA-2017:1480) (Stack Clash) | Nessus | CentOS Local Security Checks | high |
| 100921 | Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : eglibc, glibc vulnerability (USN-3323-1) (Stack Clash) | Nessus | Ubuntu Local Security Checks | high |
| 100918 | SUSE SLES11 Security Update : glibc (SUSE-SU-2017:1621-1) (Stack Clash) | Nessus | SuSE Local Security Checks | high |
| 100917 | SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2017:1619-1) (Stack Clash) | Nessus | SuSE Local Security Checks | high |
| 100913 | SUSE SLES12 Security Update : glibc (SUSE-SU-2017:1614-1) (Stack Clash) | Nessus | SuSE Local Security Checks | high |
| 100911 | SUSE SLES12 Security Update : glibc (SUSE-SU-2017:1611-1) (Stack Clash) | Nessus | SuSE Local Security Checks | high |
| 100904 | Scientific Linux Security Update : glibc on SL7.x x86_64 (20170619) (Stack Clash) | Nessus | Scientific Linux Local Security Checks | high |
| 100903 | Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20170619) (Stack Clash) | Nessus | Scientific Linux Local Security Checks | high |
| 100892 | RHEL 7 : glibc (RHSA-2017:1481) (Stack Clash) | Nessus | Red Hat Local Security Checks | high |
| 100891 | RHEL 6 : glibc (RHSA-2017:1480) (Stack Clash) | Nessus | Red Hat Local Security Checks | high |
| 100890 | RHEL 6 / 7 : glibc (RHSA-2017:1479) (Stack Clash) | Nessus | Red Hat Local Security Checks | high |
| 100887 | Oracle Linux 7 : glibc (ELSA-2017-1481) (Stack Clash) | Nessus | Oracle Linux Local Security Checks | high |
| 100886 | Oracle Linux 6 : glibc (ELSA-2017-1480) (Stack Clash) | Nessus | Oracle Linux Local Security Checks | high |
| 100878 | Debian DSA-3887-1 : glibc - security update (Stack Clash) | Nessus | Debian Local Security Checks | high |
| 100875 | Debian DLA-992-1 : eglibc security update (Stack Clash) | Nessus | Debian Local Security Checks | high |
| 100873 | Amazon Linux AMI : glibc (ALAS-2017-844) (Stack Clash) | Nessus | Amazon Linux Local Security Checks | high |