CVE-2017-1000366
Summary
| CVE | CVE-2017-1000366 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-06-19 16:29:00 UTC |
| Updated | 2025-04-20 01:37:25 UTC |
| Description | glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. |
Risk And Classification
Primary CVSS: v3.0 7.8 HIGH from [email protected]
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Problem Types: CWE-119 | n/a
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.0 | [email protected] | Primary | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| 2.0 | [email protected] | Primary | 7.2 | AV:L/AC:L/Au:N/C:C/I:C/A:C |
CVSS v3.0 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
HighCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0 Breakdown
Access Vector
LocalAccess Complexity
LowAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:L/AC:L/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Application | Gnu | Glibc | All | All | All | All |
| Application | Mcafee | Web Gateway | All | All | All | All |
| Application | Mcafee | Web Gateway | All | All | All | All |
| Operating System | Novell | Suse Linux Enterprise Desktop | 12.0 | sp2 | All | All |
| Operating System | Novell | Suse Linux Enterprise Point Of Sale | 11.0 | sp3 | All | All |
| Operating System | Novell | Suse Linux Enterprise Server | 11.0 | sp3 | All | All |
| Application | Openstack | Cloud Magnum Orchestration | 7 | All | All | All |
| Operating System | Opensuse | Leap | 42.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 5 | All | server | All |
| Operating System | Redhat | Enterprise Linux | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 5.9 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 6.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 6.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 6.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 6.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 6.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 6.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 6.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Long Life | 5.9 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 6.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 6.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
| Operating System | Suse | Linux Enterprise For Sap | 12 | sp1 | All | All |
| Operating System | Suse | Linux Enterprise Server | 10 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Server | 12 | sp1 | All | All |
| Operating System | Suse | Linux Enterprise Server | 12 | sp2 | All | All |
| Operating System | Suse | Linux Enterprise Server | 12 | sp2 | All | All |
| Operating System | Suse | Linux Enterprise Server For Raspberry Pi | 12 | sp2 | All | All |
| Operating System | Suse | Linux Enterprise Software Development Kit | 11.0 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Software Development Kit | 12.0 | sp2 | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Full Disclosure: SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | |
| Cisco Device Hardcoded Credentials / GNU glibc / BusyBox ≈ Packet Storm | af854a3a-2127-422b-91ae-364da2661108 | packetstormsecurity.com | |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | access.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | access.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | access.redhat.com | Third Party Advisory |
| McAfee Corporate KB - McAfee Security Bulletin - Web Gateway update fixes vulnerabilities CVE-2012-6706, CVE-2017-1000364, CVE-2017-1000366, and CVE-2017-1000368 SB10205 | af854a3a-2127-422b-91ae-364da2661108 | kc.mcafee.com | Patch, Third Party Advisory |
| Linux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalation - Linux_x86-64 local Exploit | af854a3a-2127-422b-91ae-364da2661108 | www.exploit-db.com | Third Party Advisory, VDB Entry |
| SUSE products and a new security bug class referred to as "Stack Clash". | Support | SUSE | af854a3a-2127-422b-91ae-364da2661108 | www.suse.com | Third Party Advisory |
| Debian -- Security Information -- DSA-3887-1 glibc | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Third Party Advisory |
| CVE-2017-1000366 - Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | access.redhat.com | Third Party Advisory |
| Bugtraq: SEC Consult SA-20190904-0 :: Multiple vulnerabilities in Cisco router series RV34X, RV26X and RV16X | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | |
| Linux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalation - Linux_x86 local Exploit | af854a3a-2127-422b-91ae-364da2661108 | www.exploit-db.com | Third Party Advisory, VDB Entry |
| www.qualys.com/2017/06/19/stack-clash/stack-clash.txt | af854a3a-2127-422b-91ae-364da2661108 | www.qualys.com | Technical Description, Third Party Advisory |
| GNU C Library: Multiple vulnerabilities (GLSA 201706-19) — Gentoo security | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | Third Party Advisory |
| CVE-2017-1000366 | SUSE | af854a3a-2127-422b-91ae-364da2661108 | www.suse.com | Third Party Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | access.redhat.com | Third Party Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | access.redhat.com | Third Party Advisory |
| Glibc Stack/Heap Memory Allocation Error Lets Local Users Gain Elevated Privileges - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| GNU glibc CVE-2017-1000366 Local Memory Corruption Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Linux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalation - Linux_x86 local Exploit | af854a3a-2127-422b-91ae-364da2661108 | www.exploit-db.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 378113 Virtuozzo Linux Security Update for glibc-devel (VZLSA-2017:1481)
- 378114 Virtuozzo Linux Security Update for glibc-devel (VZLSA-2017:1480)
- 378173 Virtuozzo Linux Security Update for glibc-static (VZLSA-2017:1481)
- 6000511 Debian Security Update for glibc (CVE-2017-1000409,CVE-2017-1000366)
- 6000512 Debian Security Update for glibc (CVE-2017-1000408)