
CVE-2017-1000408

Published: 01/02/2018 Updated: 03/10/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.

Vulnerable Product

gnu glibc 2.1.1

Vendor Advisories

Several security issues were fixed in the GNU C library ...
Debian Bug report logs - #884133 glibc: CVE-2017-1000409. Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 11 Dec 2017 19:39:04 UTC; Severity: important; Tags: security, upstream; Found in version glibc/ ...
Debian Bug report logs - #884132 glibc: CVE-2017-1000408. Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 11 Dec 2017 19:39:01 UTC; Severity: important; Tags: security, upstream; Found in version glibc/ ...

Exploits

Qualys Security Advisory: Buffer overflow in glibc's ld.so. Contents: Summary; Memory Leak; Buffer Overflow; Exploitation; Acknowledgments ...
Qualys has discovered a memory leak and a buffer overflow in the dynamic loader (ld.so) of the GNU C Library (glibc) ...

Mailing Lists

On Thu, Jun 27, 2019 at 04:03:21PM +0200, Solar Designer wrote: I'm not a member of security@k.o, but that list isn't what we're looking for. We've talked about this with Greg before sending this application, and he has pointed out that security@k.o is not a disclosure list, but rather just a way to pull in kernel folks to fix issues. Some (most? ...
On Thu, Jun 27, 2019 at 01:05:08PM -0400, Sasha Levin wrote: "Some (most?) of the kernel [security] bugs that get fixed don't go through" linux-distros as well. I'm not entirely happy with the wording used there, which currently is: --- Fixes for sensitive bugs, such as those that might lead to privilege escalations, may need to be coordinate ...
On Fri, Jun 28, 2019 at 02:57:43PM +0200, Solar Designer wrote: True, but we care about more than just the kernel side of things. Can I suggest that we fork the discussion around security-bugs.rst to LKML? I can suggest an initial patch to address your comments here but I think that this is better handled on LKML. My concern with Monday is ...