Vulnerability CVE-2017-1000366


Published: 2017-06-19

Description:
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.

In our database, we found the following notes for this CVE:
Title: [High] GNU C Library ld.so Memory Leak / Buffer Overflow
Author: Qualys
Date: 13.12.2017

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Overall CVSS score: 7.2/10
Impact: 10/10
Exploitability: 3.9/10

Access required: Local
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software
SUSE -> Linux enterprise server for raspberry pi 
SUSE -> Linux enterprise server 
SUSE -> Linux enterprise for sap 
SUSE -> Linux enterprise software development kit 
Redhat -> Enterprise linux 
Redhat -> Enterprise linux eus 
Redhat -> Enterprise linux aus 
Redhat -> Enterprise linux desktop 
Redhat -> Enterprise linux server long life 
Redhat -> Enterprise linux server aus 
Redhat -> Enterprise linux server tus 
Redhat -> Enterprise linux workstation 
Redhat -> Enterprise linux server eus 
Redhat -> Virtualization 
Redhat -> Enterprise linux server 
Opensuse project -> LEAP 
Opensuse -> LEAP 
Openstack -> Cloud magnum orchestration 
Novell -> Suse linux enterprise point of sale 
Novell -> Suse linux enterprise desktop 
Novell -> Suse linux enterprise server 
Mcafee -> Web gateway 
GNU -> Glibc 
Debian -> Debian linux 

References:
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
http://seclists.org/fulldisclosure/2019/Sep/7
http://www.debian.org/security/2017/dsa-3887
http://www.securityfocus.com/bid/99127
http://www.securitytracker.com/id/1038712
https://access.redhat.com/errata/RHSA-2017:1479
https://access.redhat.com/errata/RHSA-2017:1480
https://access.redhat.com/errata/RHSA-2017:1481
https://access.redhat.com/errata/RHSA-2017:1567
https://access.redhat.com/errata/RHSA-2017:1712
https://access.redhat.com/security/cve/CVE-2017-1000366
https://kc.mcafee.com/corporate/index?page=content&id=SB10205
https://seclists.org/bugtraq/2019/Sep/7
https://security.gentoo.org/glsa/201706-19
https://www.exploit-db.com/exploits/42274/
https://www.exploit-db.com/exploits/42275/
https://www.exploit-db.com/exploits/42276/
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
https://www.suse.com/security/cve/CVE-2017-1000366/
https://www.suse.com/support/kb/doc/?id=7020973

Copyright 2022, cxsecurity.com

 
