CVE-2017-1000366

Home/CVE/glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causin

CVE

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causin

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.

HIGH · CVSS 7.8 EPSS 0.08874

Act now

EPSS percentile: top 7% of all CVEs by exploitation likelihood
Public exploit or PoC is available
CVSS base score ≥ 7.0

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer

▤

Affected Products & Versions

redhat enterprise linuxall versions
redhat enterprise linux desktopall versions
redhat enterprise linux serverall versions
redhat enterprise linux server ausall versions
redhat enterprise linux server eusall versions
redhat enterprise linux server long lifeall versions
redhat enterprise linux server tusall versions
redhat enterprise linux workstationall versions
Show all 21 affected productsopenstack cloud magnum orchestrationall versions
novell suse linux enterprise desktopall versions
novell suse linux enterprise point of saleall versions
novell suse linux enterprise serverall versions
opensuse leapall versions
suse linux enterprise for sapall versions
suse linux enterprise serverall versions
suse linux enterprise server for raspberry piall versions
suse linux enterprise software development kitall versions
gnu glibc<= 2.25
debian linuxall versions
mcafee web gateway<= 7.6.2.14
mcafee web gateway>= 7.7.0.0 and <= 7.7.2.2

⚠

Public Exploits & PoCs

localLinux Kernel (Debian 7/8/9/10 / Fedora 23/24/25 / CentOS 5.3/5.11/6.0/6.8/7.2.1511) - 'ldso_hwcap Stack Clash' Local Privilege Escalationverified
localLinux Kernel (Debian 9/10 / Ubuntu 14.04.5/16.04.2/17.04 / Fedora 23/24/25) - 'ldso_dynamic Stack Clash' Local Privilege Escalationverified
localLinux Kernel (Debian 7.7/8.5/9.0 / Ubuntu 14.04.2/16.04.2/17.04 / Fedora 22/25 / CentOS 7.3.1611) - 'ldso_hwcap_64 Stack Clash' Local Privilege Escalationverified
pocpacketstormsecurity.com · Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.htmlpacketstormsecurity.com
pocwww.exploit-db.com · 42274www.exploit-db.com
pocwww.exploit-db.com · 42275www.exploit-db.com
pocwww.exploit-db.com · 42276www.exploit-db.com

▣

Scoring & Timeline

7.8

HIGH · CVSS v3.0 · cve@mitre.org

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD19 Jun 2017 · 04:29 PM

CVSS VectorCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

⚑

Vendor Advisories

suse-csafopenSUSE-SU-2024:10792-1
suse-csafSUSE-SU-2018:0074-1
suse-csafSUSE-SU-2017:2699-1
suse-csafSUSE-SU-2017:2700-1
usnUSN-3323-2
Show all 26 vendor advisoriesusnUSN-3323-1
rhsaRHSA-2017:1567Important
rhsaRHSA-2017:1479Important
rhsaRHSA-2017:1480Important
rhsaRHSA-2017:1481Important
suse-csafSUSE-SU-2017:1611-1
suse-csafSUSE-SU-2017:1614-1
suse-csafSUSE-SU-2017:1619-1
suse-csafSUSE-SU-2017:1621-1
rhsaRHSA-2017:1491Important
rhsaRHSA-2017:1490Important
rhsaRHSA-2017:1487Important
rhsaRHSA-2017:1489Important
rhsaRHSA-2017:1486Important
rhsaRHSA-2017:1485Important
rhsaRHSA-2017:1483Important
rhsaRHSA-2017:1482Important
rhsaRHSA-2017:1484Important
rhsaRHSA-2017:1488Important
rhsaRHSA-2017:1647Important
rhsaRHSA-2017:1616Important

🔗

References & Sources

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

http://seclists.org/fulldisclosure/2019/Sep/7

http://www.debian.org/security/2017/dsa-3887Third Party Advisory

http://www.securityfocus.com/bid/99127Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1038712Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:1712Third Party Advisory

https://access.redhat.com/security/cve/CVE-2017-1000366Third Party Advisory

Show all 12 references

https://kc.mcafee.com/corporate/index?page=content&id=SB10205PatchThird Party Advisory

https://seclists.org/bugtraq/2019/Sep/7

https://security.gentoo.org/glsa/201706-19Third Party Advisory

https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txtTechnical DescriptionThird Party Advisory

https://www.suse.com/security/cve/CVE-2017-1000366/Third Party Advisory

https://www.suse.com/support/kb/doc/?id=7020973Third Party Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin