CVE-2017-1000366

Published: 19/06/2017 Updated: 15/10/2020
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 736
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and previous versions.

Vendor Advisories

Synopsis Important: glibc security update Type/Severity Security Advisory: Important Topic An update for glibc is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, whi ...
Synopsis Important: glibc security update Type/Severity Security Advisory: Important Topic An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, whi ...
Synopsis Important: glibc security update Type/Severity Security Advisory: Important Topic An update for glibc is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support, Red Hat Enterprise Linux 5.9 Long Life, Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 ...
Synopsis Important: Red Hat Container Development Kit 3.0.0 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Container Development Kit 3.0.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability ...
Gnu C library could be made to run programs as an administrator ...
The Qualys Research Labs discovered various problems in the dynamic linker of the GNU C Library which allow local privilege escalation by clashing the stack. For the full details, please refer to their advisory published at: www.qualys.com/2017/06/19/stack-clash/stack-clash.txt For the oldstable distribution (jessie), this problem has been ...
Synopsis Important: Red Hat 3scale API Management Platform 2.0.0 security update Type/Severity Security Advisory: Important Topic A security update for Red Hat 3scale API Management Platform 2.0.0 is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a ...
Glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitab ...
A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase ...
Arch Linux Security Advisory ASA-201706-22 ========================================== Severity: High Date : 2017-06-20 CVE-ID : CVE-2017-1000366 Package : lib32-glibc Type : privilege escalation Remote : No Link : security.archlinux.org/AVG-308 Summary ======= The package lib32-glibc before version 2.25-4 is vulnerable to priv ...
Arch Linux Security Advisory ASA-201706-23 ========================================== Severity: High Date : 2017-06-20 CVE-ID : CVE-2017-1000366 Package : glibc Type : privilege escalation Remote : No Link : security.archlinux.org/AVG-307 Summary ======= The package glibc before version 2.25-4 is vulnerable to privilege escala ...
Synopsis Moderate: glibc security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ...
Summary A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus ...
Oracle VM Server for x86 Bulletin - July 2017 Description The Oracle VM Server for x86 Bulletin lists all CVEs that had been resolved and announced in Oracle VM Server for x86 Security Advisories (OVMSA) in the last one month prior to the release of the bulletin. Oracle VM Server for x86 Bulletins are published on the same day ...
AT&T has released versions 1801-za for the Vyatta 5600. Details of these releases can be found at cloud.ibm.com/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patches#at-t-vyatta-5600-vrouter-software-patches ...
Oracle Linux Bulletin - July 2017 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released ...

Exploits

/* * Linux_ldso_hwcap_64.c for CVE-2017-1000366, CVE-2017-1000379 * Copyright (C) 2017 Qualys, Inc. * * my_important_hwcaps() adapted from elf/dl-hwcaps.c, * part of the GNU C Library: * Copyright (C) 2012-2017 Free Software Foundation, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of th ...
/* * Linux_ldso_hwcap.c for CVE-2017-1000366, CVE-2017-1000370 * Copyright (C) 2017 Qualys, Inc. * * my_important_hwcaps() adapted from elf/dl-hwcaps.c, * part of the GNU C Library: * Copyright (C) 2012-2017 Free Software Foundation, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the G ...
/* * Linux_ldso_dynamic.c for CVE-2017-1000366, CVE-2017-1000371 * Copyright (C) 2017 Qualys, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later ver ...

Mailing Lists

Linux kernel ldso_hwcap_64 stack clash privilege escalation exploit. This affects Debian 7.7/8.5/9.0, Ubuntu 14.04.2/16.04.2/17.04, Fedora 22/25, and CentOS 7.3.1611 ...
Linux kernel ldso_hwcap stack clash privilege escalation exploit. This affects Debian 7/8/9/10, Fedora 23/24/25, and CentOS 5.3/5.11/6.0/6.8/7.2.1511 ...
Linux kernel ldso_dynamic stack clash privilege escalation exploit. This affects Debian 9/10, Ubuntu 14.04.5/16.04.2/17.04, and Fedora 23/24/25 ...
Qualys has discovered a memory leak and a buffer overflow in the dynamic loader (ld.so) of the GNU C Library (glibc) ...
SEC Consult Vulnerability Lab Security Advisory < 20190904-0 > ======================================================================= title: Multiple vulnerabilities product: Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, ...
Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities ...

Github Repositories

Kaosagnt's Ansible Everyday Utils

Kaosagnt's Ansible Everyday Utils This project contains many of the Ansible playbooks that I use daily as a Systems Administrator in the pursuit of easy server task automation. Installation You will need to set up and install Ansible like you normally would before using what is presented here. Hint: it uses ansible www.ansible.com Optional: Create an ansible-everyd

Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out current Contents CVE-2011-2856 CVE-2011-3243 CVE-2013-2618 CVE-2013-6632 CVE-2014-1701 CVE-2014-1705 CVE-2014-1747 CVE-2014-3176 CVE-2014-6332 CVE-2014-7927 CVE-2014-7928 CVE-2015-0072 CVE-2015-0235 CVE-2015-0240 CVE-2015-1233 CVE-2015-1242 CVE-2015-1268 CV

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :