Vulnerabilities > CVE-2017-1000366 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Tags: local, low complexity, redhat, suse, novell, openstack, opensuse, gnu, debian, mcafee, CWE-119, nessus, exploit available

Summary

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.

Vulnerable Configurations

Part          Description   Count
OS            Redhat        33
OS            Suse          9
OS            Novell        3
OS            Opensuse      1
OS            Debian        2
Application   Openstack     1
Application   Gnu           119
Application   Mcafee        61

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Exploit-Db

  • description: Linux - 'ldso_hwcap' Local Root Stack Clash Exploit. CVE-2017-1000366,CVE-2017-1000370. Local exploit for Lin_x86 platform
    file: exploits/linux_x86/local/42274.c
    id: EDB-ID:42274
    last seen: 2017-06-29
    modified: 2017-06-28
    platform: linux_x86
    port:
    published: 2017-06-28
    reporter: Exploit-DB
    source: https://www.exploit-db.com/download/42274/
    title: Linux - 'ldso_hwcap' Local Root Stack Clash Exploit
    type: local
  • description: Linux - 'ldso_dynamic' Local Root Stack Clash Exploit. CVE-2017-1000366,CVE-2017-1000371. Local exploit for Lin_x86 platform
    file: exploits/linux_x86/local/42276.c
    id: EDB-ID:42276
    last seen: 2017-06-29
    modified: 2017-06-28
    platform: linux_x86
    port:
    published: 2017-06-28
    reporter: Exploit-DB
    source: https://www.exploit-db.com/download/42276/
    title: Linux - 'ldso_dynamic' Local Root Stack Clash Exploit
    type: local
  • description: Linux - 'ldso_hwcap_64' Local Root Stack Clash Exploit. CVE-2017-1000366,CVE-2017-1000379. Local exploit for Lin_x86-64 platform
    file: exploits/linux_x86-64/local/42275.c
    id: EDB-ID:42275
    last seen: 2017-06-29
    modified: 2017-06-28
    platform: linux_x86-64
    port:
    published: 2017-06-28
    reporter: Exploit-DB
    source: https://www.exploit-db.com/download/42275/
    title: Linux - 'ldso_hwcap_64' Local Root Stack Clash Exploit
    type: local
  • description: glibc ld.so - Memory Leak / Buffer Overflow. CVE-2017-1000408,CVE-2017-1000409. Local exploit for Linux platform. Tags: Local
    file: exploits/linux/local/43331.txt
    id: EDB-ID:43331
    last seen: 2017-12-13
    modified: 2017-12-13
    platform: linux
    port:
    published: 2017-12-13
    reporter: Exploit-DB
    source: https://www.exploit-db.com/download/43331/
    title: glibc ld.so - Memory Leak / Buffer Overflow
    type: local

Nessus

  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3323-2.NASL
    description: USN-3323-1 fixed a vulnerability in the GNU C Library. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the GNU C library did not properly handle memory when processing environment variables for setuid programs. A local attacker could use this in combination with another vulnerability to gain administrative privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101148
    published: 2017-06-30
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101148
    title: Ubuntu 12.04 LTS : eglibc vulnerability (USN-3323-2) (Stack Clash)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3323-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101148);
      script_version("3.5");
      script_cvs_date("Date: 2019/04/30 14:30:16");
    
      script_cve_id("CVE-2017-1000366");
      script_xref(name:"USN", value:"3323-2");
    
      script_name(english:"Ubuntu 12.04 LTS : eglibc vulnerability (USN-3323-2) (Stack Clash)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-3323-1 fixed a vulnerability in the GNU C Library. This update
    provides the corresponding update for Ubuntu 12.04 ESM.
    
    It was discovered that the GNU C library did not properly handle
    memory when processing environment variables for setuid programs. A
    local attacker could use this in combination with another
    vulnerability to gain administrative privileges.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(attribute:"solution", value:
    "Update the affected libc6 package. Note that the updated package may
    not be immediately available from the package repository or its
    mirrors.");
      script_set_attribute(attribute:"risk_factor", value:"High");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libc6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/06/29");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"libc6", pkgver:"2.15-0ubuntu10.20")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libc6");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2017-1481.NASL
    description: An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. (CVE-2017-1000366) Red Hat would like to thank Qualys Research Labs for reporting this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 100892
    published: 2017-06-20
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100892
    title: RHEL 7 : glibc (RHSA-2017:1481) (Stack Clash)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2017-1481.NASL
    description: An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. (CVE-2017-1000366) Red Hat would like to thank Qualys Research Labs for reporting this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 100936
    published: 2017-06-21
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100936
    title: CentOS 7 : glibc (CESA-2017:1481) (Stack Clash)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2017-1480.NASL
    description: From Red Hat Security Advisory 2017:1480 : An update for glibc is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. (CVE-2017-1000366) Red Hat would like to thank Qualys Research Labs for reporting this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 100886
    published: 2017-06-20
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100886
    title: Oracle Linux 6 : glibc (ELSA-2017-1480) (Stack Clash)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2017-1480.NASL
    description: An update for glibc is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. (CVE-2017-1000366) Red Hat would like to thank Qualys Research Labs for reporting this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 100935
    published: 2017-06-21
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100935
    title: CentOS 6 : glibc (CESA-2017:1480) (Stack Clash)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1147.NASL
    description: According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being processed. (CVE-2014-9402) - glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. (CVE-2017-1000366) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2017-08-08
    plugin id: 102234
    published: 2017-08-08
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/102234
    title: EulerOS 2.0 SP2 : glibc (EulerOS-SA-2017-1147)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-992.NASL
    description: The Qualys Research Labs discovered various problems in the dynamic linker of the GNU C Library which allow local privilege escalation by clashing the stack. For the full details, please refer to their advisory published at: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt For Debian 7
    last seen: 2020-03-17
    modified: 2017-06-20
    plugin id: 100875
    published: 2017-06-20
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100875
    title: Debian DLA-992-1 : eglibc security update (Stack Clash)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2017-0023_GLIBC.NASL
    description: An update of the glibc package has been released.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 121707
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121707
    title: Photon OS 1.0: Glibc PHSA-2017-0023
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2017-0023_SHADOW.NASL
    description: An update of the shadow package has been released.
    last seen: 2020-03-17
    modified: 2019-02-07
    plugin id: 121708
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121708
    title: Photon OS 1.0: Shadow PHSA-2017-0023
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2017-698DAEF73C.NASL
    description: This update addresses CVE-2017-1000366, a vulnerability in the dynamic linker allowing local privilege escalation. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2017-06-28
    plugin id: 101069
    published: 2017-06-28
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101069
    title: Fedora 24 : glibc (2017-698daef73c) (Stack Clash)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2017-844.NASL
    description: Glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. (CVE-2017-1000366)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 100873
    published: 2017-06-20
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100873
    title: Amazon Linux AMI : glibc (ALAS-2017-844) (Stack Clash)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2017-0023.NASL
    description: An update of [systemd,wget,shadow,glibc] packages for PhotonOS has been released.
    last seen: 2019-02-21
    modified: 2019-02-07
    plugin id: 111872
    published: 2018-08-17
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=111872
    title: Photon OS 1.0: Glibc / Shadow / Systemd / Wget PHSA-2017-0023 (deprecated)
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2017-181-01.NASL
    description: New glibc packages are available for Slackware 14.2 and -current to fix security issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101169
    published: 2017-07-03
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101169
    title: Slackware 14.2 / current : glibc (SSA:2017-181-01) (Stack Clash)
  • NASL family: F5 Networks Local Security Checks
    NASL id: F5_BIGIP_SOL20486351.NASL
    description: glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. (CVE-2017-1000366) Impact: This vulnerability allows unauthorized disclosure of information, unauthorized modification, and disruption of service.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 110057
    published: 2018-05-24
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/110057
    title: F5 Networks BIG-IP : glibc vulnerability (K20486351) (Stack Clash)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20170619_GLIBC_ON_SL6_X.NASL
    description: Security Fix(es) : - A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. (CVE-2017-1000366)
    last seen: 2020-03-18
    modified: 2017-06-20
    plugin id: 100903
    published: 2017-06-20
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100903
    title: Scientific Linux Security Update : glibc on SL6.x i386/x86_64 (20170619) (Stack Clash)
  • NASL family: OracleVM Local Security Checks
    NASL id: ORACLEVM_OVMSA-2017-0124.NASL
    description: The remote OracleVM system is missing necessary patches to address critical security updates : - Mitigation for CVE-2017-1000366 glibc: heap/stack gap jumping via unbounded stack allocations.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 102062
    published: 2017-07-31
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/102062
    title: OracleVM 3.2 : glibc (OVMSA-2017-0124) (Stack Clash)
  • NASL family: Misc.
    NASL id: MCAFEE_WEB_GATEWAY_SB10205.NASL
    description: The remote host is running a version of McAfee Web Gateway (MWG) that is affected by multiple security vulnerabilities : - A memory corruption flaw exists in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products that allows remote attackers to execute arbitrary code. (CVE-2012-6706) - A memory corruption flaw exists in Linux Kernel versions 4.11.5 and earlier that allows remote attackers to execute arbitrary code with elevated privileges. (CVE-2017-1000364) - A memory corruption flaw exists in the handling of LD_LIBRARY_PATH that allows a remote attacker to manipulate the heap/stack that may lead to arbitrary code execution. This issue only affects GNU glibc 2.25 and prior. (CVE-2017-1000366) - An input validation flaw exists in Todd Miller
    last seen: 2020-06-13
    modified: 2017-08-15
    plugin id: 102496
    published: 2017-08-15
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/102496
    title: McAfee Web Gateway 7.6.x < 7.6.2.15 / 7.7.x < 7.7.2.3 Multiple Vulnerabilities (SB10205)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201706-19.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201706-19 (GNU C Library: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers and Qualys' security advisory referenced below for details. Impact : An attacker could possibly execute arbitrary code with the privileges of the process, escalate privileges or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 100945
    published: 2017-06-21
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100945
    title: GLSA-201706-19 : GNU C Library: Multiple vulnerabilities (Stack Clash)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3323-1.NASL
    description: It was discovered that the GNU C library did not properly handle memory when processing environment variables for setuid programs. A local attacker could use this in combination with another vulnerability to gain administrative privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 100921
    published: 2017-06-20
    reporter: Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100921
    title: Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : eglibc, glibc vulnerability (USN-3323-1) (Stack Clash)
  • NASL family: Virtuozzo Local Security Checks
    NASL id: VIRTUOZZO_VZLSA-2017-1480.NASL
    description: An update for glibc is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. (CVE-2017-1000366) Red Hat would like to thank Qualys Research Labs for reporting this issue. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101481
    published: 2017-07-13
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101481
    title: Virtuozzo 6 : glibc / glibc-common / glibc-devel / glibc-headers / etc (VZLSA-2017-1480)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1146.NASL
    description: According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The nss_dns implementation of getnetbyname in GNU C Library (aka glibc) before 2.21, when the DNS backend in the Name Service Switch configuration is enabled, allows remote attackers to cause a denial of service (infinite loop) by sending a positive answer while a network name is being processed. (CVE-2014-9402) - glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. (CVE-2017-1000366) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-05-06
    modified: 2017-08-08
    plugin id: 102233
    published: 2017-08-08
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/102233
    title: EulerOS 2.0 SP1 : glibc (EulerOS-SA-2017-1146)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-1621-1.NASL
    description: This update for glibc fixes the following issues : - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 100918
    published: 2017-06-20
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100918
    title: SUSE SLES11 Security Update : glibc (SUSE-SU-2017:1621-1) (Stack Clash)
  • NASL family: Junos Local Security Checks
    NASL id: JUNIPER_SPACE_JSA10917_184R1.NASL
    description: According to its self-reported version number, the remote Junos Space version is 18.4.x prior to 18.4R1. It is, therefore, affected by multiple vulnerabilities : - An integer overflow issue exists in procps-ng. This is related to CVE-2018-1124. (CVE-2018-1126) - A directory traversal issue exists in reposync, a part of yum-utils.tory configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. (CVE-2018-10897) - An integer overflow flaw was found in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 121068
    published: 2019-01-10
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121068
    title: Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3887.NASL
    description: The Qualys Research Labs discovered various problems in the dynamic linker of the GNU C Library which allow local privilege escalation by clashing the stack. For the full details, please refer to their advisory published at: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 100878
    published: 2017-06-20
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100878
    title: Debian DSA-3887-1 : glibc - security update (Stack Clash)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2017-0023_SYSTEMD.NASL
    description: An update of the systemd package has been released.
    last seen: 2020-03-17
    modified: 2019-02-07
    plugin id: 121709
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121709
    title: Photon OS 1.0: Systemd PHSA-2017-0023
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2017-0023_WGET.NASL
    description: An update of the wget package has been released.
    last seen: 2020-03-17
    modified: 2019-02-07
    plugin id: 121710
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121710
    title: Photon OS 1.0: Wget PHSA-2017-0023
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2017-D80AB96E61.NASL
    description: This update addresses CVE-2017-1000366, a vulnerability in the dynamic linker allowing local privilege escalation. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2017-07-17
    plugin id: 101731
    published: 2017-07-17
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101731
    title: Fedora 26 : glibc (2017-d80ab96e61) (Stack Clash)
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0099_KERNEL.NASL
    description: The remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364) - A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. (CVE-2017-1000366) - A race condition flaw was found in the N_HDLC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. (CVE-2017-2636) - The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel, resulting in denial of service. (CVE-2017-7645) - The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127325
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127325
    title: NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0099)
  • NASL family: Misc.
    NASL id: RANCHEROS_1_0_3.NASL
    description: The remote host is running a version of RancherOS that is prior to v.1.0.3, hence is vulnerable to a local memory-corruption vulnerability. Attackers may be able to exploit this issue to execute arbitrary code with elevated privileges (CVE-2017-1000364) Glibc module in Rancheros contains a vulnerability that allows manipulation of the heap/stack. Attackers may be able to exploit this issue to execute arbitrary code with elevated privileges (CVE-2017-1000366)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 132248
    published: 2019-12-19
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/132248
    title: Security Updates for RancherOS Local Memory Corruption Vulnerability
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0099_GLIBC.NASL
    description: The remote NewStart CGSL host, running version MAIN 4.05, has glibc packages installed that are affected by multiple vulnerabilities: - An integer overflow vulnerability was found in hcreate() and hcreate_r() functions which could result in an out-of-bounds memory access. This could lead to application crash or, potentially, arbitrary code execution. (CVE-2015-8778) - A stack based buffer overflow vulnerability was found in the catopen() function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code. (CVE-2015-8779) - A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. (CVE-2017-1000366) - It was found that out-of-range time values passed to the strftime() function could result in an out-of-bounds memory access. This could lead to application crash or, potentially, information disclosure. (CVE-2015-8776) - A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code. (CVE-2014-9761) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 127324
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127324
    title: NewStart CGSL MAIN 4.05 : glibc Multiple Vulnerabilities (NS-SA-2019-0099)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2017-1480.NASL
    description: An update for glibc is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. (CVE-2017-1000366) Red Hat would like to thank Qualys Research Labs for reporting this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 100891
    published: 2017-06-20
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100891
    title: RHEL 6 : glibc (RHSA-2017:1480) (Stack Clash)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-1619-1.NASL
    description: This update for glibc fixes the following issues : - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] - A bug in glibc that could result in deadlocks between malloc() and fork() has been fixed. [bsc#1040043] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 100917
    published: 2017-06-20
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100917
    title: SUSE SLED12 / SLES12 Security Update : glibc (SUSE-SU-2017:1619-1) (Stack Clash)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2017-0022.NASL
    description: An update of [linux,glibc] packages for PhotonOS has been released.
    last seen: 2019-02-08
    modified: 2019-02-07
    plugin id: 111871
    published: 2018-08-17
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=111871
    title: Photon OS 1.0: Glibc / Linux PHSA-2017-0022 (deprecated)
  • NASL family: Virtuozzo Local Security Checks
    NASL id: VIRTUOZZO_VZLSA-2017-1481.NASL
    description: An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. (CVE-2017-1000366) Red Hat would like to thank Qualys Research Labs for reporting this issue. Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 101482
    published: 2017-07-13
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101482
    title: Virtuozzo 7 : glibc / glibc-common / glibc-devel / glibc-headers / etc (VZLSA-2017-1481)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20170619_GLIBC_ON_SL7_X.NASL
    description: Security Fix(es) : - A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. (CVE-2017-1000366)
    last seen: 2020-03-18
    modified: 2017-06-20
    plugin id: 100904
    published: 2017-06-20
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100904
    title: Scientific Linux Security Update : glibc on SL7.x x86_64 (20170619) (Stack Clash)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2017-1479.NASL
    description: An update for glibc is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support, Red Hat Enterprise Linux 5.9 Long Life, Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, Red Hat Enterprise Linux 6.7 Extended Update Support, and Red Hat Enterprise Linux 7.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. (CVE-2017-1000366) Red Hat would like to thank Qualys Research Labs for reporting this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 100890
    published: 2017-06-20
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100890
    title: RHEL 6 / 7 : glibc (RHSA-2017:1479) (Stack Clash)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2017-79414FEFA1.NASL
    description: This update addresses CVE-2017-1000366, a vulnerability in the dynamic linker allowing local privilege escalation. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-05
    modified: 2017-06-23
    plugin id: 101015
    published: 2017-06-23
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101015
    title: Fedora 25 : glibc (2017-79414fefa1) (Stack Clash)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-1611-1.NASL
    description: This update for glibc fixes the following issues : - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] - The incorrectly defined constant O_TMPFILE has been fixed. [bsc#1038690] - A defect in glibc
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 100911
    published: 2017-06-20
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100911
    title: SUSE SLES12 Security Update : glibc (SUSE-SU-2017:1611-1) (Stack Clash)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2017-1481.NASL
    description: From Red Hat Security Advisory 2017:1481 : An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es) : * A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. (CVE-2017-1000366) Red Hat would like to thank Qualys Research Labs for reporting this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 100887
    published: 2017-06-20
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100887
    title: Oracle Linux 7 : glibc (ELSA-2017-1481) (Stack Clash)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-1614-1.NASL
    description: This update for glibc fixes the following issues : - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] - The incorrectly defined constant O_TMPFILE has been fixed. [bsc#1038690] - An incorrectly specified buffer length in nscd netgroup queries has been fixed. [bsc#986858] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 100913
    published: 2017-06-20
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/100913
    title: SUSE SLES12 Security Update : glibc (SUSE-SU-2017:1614-1) (Stack Clash)
  • NASL family: Junos Local Security Checks
    NASL id: JUNIPER_SPACE_JSA_10826.NASL
    description: According to its self-reported version number, the version of Junos Space running on the remote device is < 17.1R1, and is therefore affected by multiple vulnerabilities.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 104100
    published: 2017-10-23
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104100
    title: Juniper Junos Space < 17.1R1 Multiple Vulnerabilities (JSA10826)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2017-0022_LINUX.NASL
    description: An update of the linux package has been released.
    last seen: 2020-03-17
    modified: 2019-02-07
    plugin id: 121706
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121706
    title: Photon OS 1.0: Linux PHSA-2017-0022
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2017-0022_GLIBC.NASL
    description: An update of the glibc package has been released.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 121705
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121705
    title: Photon OS 1.0: Glibc PHSA-2017-0022
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-715.NASL
    description: This update for glibc fixes the following issues : - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. [bsc#1039357] - A bug in glibc that could result in deadlocks between malloc() and fork() has been fixed. [bsc#1040043] This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen: 2020-06-05
    modified: 2017-06-30
    plugin id: 101126
    published: 2017-06-30
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/101126
    title: openSUSE Security Update : glibc (openSUSE-2017-715) (Stack Clash)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1551.NASL
    description: According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. (CVE-2018-11236) - An integer overflow vulnerability was found in hcreate() and hcreate_r() functions which could result in an out-of-bounds memory access. This could lead to application crash or, potentially, arbitrary code execution. (CVE-2015-8778) - A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: this issue is only exposed when libresolv is called from the nss_dns NSS service module. (CVE-2015-7547) - A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) - A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. (CVE-2017-1000366) - The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation. (CVE-2017-12132) - It was found that the files back end of Name Service Switch (NSS) did not isolate iteration over an entire database from key-based look-up API calls. An application performing look-ups on a database while iterating over it could enter an infinite loop, leading to a denial of service. (CVE-2014-8121) - Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458. (CVE-2016-3706) - In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution. (CVE-2018-1000001) - Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. (CVE-2012-4424) - It was found that the dynamic loader did not sanitize the LD_POINTER_GUARD environment variable. An attacker could use this flaw to bypass the pointer guarding protection on set-user-ID or set-group-ID programs to execute arbitrary code with the permissions of the user running the application. (CVE-2015-8777) - The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator. (CVE-2017-15804) - res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash). (CVE-2015-5180) - pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. (CVE-2013-2207) - A stack overflow flaw was found in glibc
    last seen: 2020-03-17
    modified: 2019-05-14
    plugin id: 125004
    published: 2019-05-14
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/125004
    title: EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1551)

Packetstorm

Redhat

advisories
  • bugzilla
    id: 1452543
    title: CVE-2017-1000366 glibc: heap/stack gap jumping via unbounded stack allocations
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 5 is installed
        oval: oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment: glibc-devel is earlier than 0:2.5-123.el5_11.4
            oval: oval:com.redhat.rhsa:tst:20171479001
          • comment: glibc-devel is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20130022010
        • AND
          • comment: glibc-utils is earlier than 0:2.5-123.el5_11.4
            oval: oval:com.redhat.rhsa:tst:20171479003
          • comment: glibc-utils is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20130022002
        • AND
          • comment: glibc-common is earlier than 0:2.5-123.el5_11.4
            oval: oval:com.redhat.rhsa:tst:20171479005
          • comment: glibc-common is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20130022004
        • AND
          • comment: glibc-headers is earlier than 0:2.5-123.el5_11.4
            oval: oval:com.redhat.rhsa:tst:20171479007
          • comment: glibc-headers is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20130022012
        • AND
          • comment: glibc is earlier than 0:2.5-123.el5_11.4
            oval: oval:com.redhat.rhsa:tst:20171479009
          • comment: glibc is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20130022006
        • AND
          • comment: nscd is earlier than 0:2.5-123.el5_11.4
            oval: oval:com.redhat.rhsa:tst:20171479011
          • comment: nscd is signed with Red Hat redhatrelease key
            oval: oval:com.redhat.rhba:tst:20130022008
    rhsa
    id: RHSA-2017:1479
    released: 2017-06-19
    severity: Important
    title: RHSA-2017:1479: glibc security update (Important)
  • bugzilla
    id: 1452543
    title: CVE-2017-1000366 glibc: heap/stack gap jumping via unbounded stack allocations
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 6 is installed
        oval: oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment: glibc-static is earlier than 0:2.12-1.209.el6_9.2
            oval: oval:com.redhat.rhsa:tst:20171480001
          • comment: glibc-static is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20120763002
        • AND
          • comment: glibc-common is earlier than 0:2.12-1.209.el6_9.2
            oval: oval:com.redhat.rhsa:tst:20171480003
          • comment: glibc-common is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20120763008
        • AND
          • comment: nscd is earlier than 0:2.12-1.209.el6_9.2
            oval: oval:com.redhat.rhsa:tst:20171480005
          • comment: nscd is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20120763014
        • AND
          • comment: glibc-headers is earlier than 0:2.12-1.209.el6_9.2
            oval: oval:com.redhat.rhsa:tst:20171480007
          • comment: glibc-headers is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20120763010
        • AND
          • comment: glibc is earlier than 0:2.12-1.209.el6_9.2
            oval: oval:com.redhat.rhsa:tst:20171480009
          • comment: glibc is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20120763004
        • AND
          • comment: glibc-devel is earlier than 0:2.12-1.209.el6_9.2
            oval: oval:com.redhat.rhsa:tst:20171480011
          • comment: glibc-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20120763006
        • AND
          • comment: glibc-utils is earlier than 0:2.12-1.209.el6_9.2
            oval: oval:com.redhat.rhsa:tst:20171480013
          • comment: glibc-utils is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20120763012
    rhsa
    id: RHSA-2017:1480
    released: 2017-06-19
    severity: Important
    title: RHSA-2017:1480: glibc security update (Important)
  • bugzilla
    id: 1452543
    title: CVE-2017-1000366 glibc: heap/stack gap jumping via unbounded stack allocations
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment: Red Hat Enterprise Linux 7 is installed
        oval: oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment: glibc-static is earlier than 0:2.17-157.el7_3.4
            oval: oval:com.redhat.rhsa:tst:20171481001
          • comment: glibc-static is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20120763002
        • AND
          • comment: glibc is earlier than 0:2.17-157.el7_3.4
            oval: oval:com.redhat.rhsa:tst:20171481003
          • comment: glibc is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20120763004
        • AND
          • comment: glibc-headers is earlier than 0:2.17-157.el7_3.4
            oval: oval:com.redhat.rhsa:tst:20171481005
          • comment: glibc-headers is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20120763010
        • AND
          • comment: glibc-utils is earlier than 0:2.17-157.el7_3.4
            oval: oval:com.redhat.rhsa:tst:20171481007
          • comment: glibc-utils is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20120763012
        • AND
          • comment: glibc-common is earlier than 0:2.17-157.el7_3.4
            oval: oval:com.redhat.rhsa:tst:20171481009
          • comment: glibc-common is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20120763008
        • AND
          • comment: nscd is earlier than 0:2.17-157.el7_3.4
            oval: oval:com.redhat.rhsa:tst:20171481011
          • comment: nscd is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20120763014
        • AND
          • comment: glibc-devel is earlier than 0:2.17-157.el7_3.4
            oval: oval:com.redhat.rhsa:tst:20171481013
          • comment: glibc-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20120763006
    rhsa
    id: RHSA-2017:1481
    released: 2017-06-19
    severity: Important
    title: RHSA-2017:1481: glibc security update (Important)
  • rhsa
    id: RHSA-2017:1567
  • rhsa
    id: RHSA-2017:1712
rpms
  • glibc-0:2.12-1.107.el6_4.10
  • glibc-0:2.12-1.132.el6_5.9
  • glibc-0:2.12-1.149.el6_6.12
  • glibc-0:2.12-1.166.el6_7.8
  • glibc-0:2.12-1.47.el6_2.18
  • glibc-0:2.17-106.el7_2.9
  • glibc-0:2.5-107.el5_9.9
  • glibc-0:2.5-123.el5_11.4
  • glibc-common-0:2.12-1.107.el6_4.10
  • glibc-common-0:2.12-1.132.el6_5.9
  • glibc-common-0:2.12-1.149.el6_6.12
  • glibc-common-0:2.12-1.166.el6_7.8
  • glibc-common-0:2.12-1.47.el6_2.18
  • glibc-common-0:2.17-106.el7_2.9
  • glibc-common-0:2.5-107.el5_9.9
  • glibc-common-0:2.5-123.el5_11.4
  • glibc-debuginfo-0:2.12-1.107.el6_4.10
  • glibc-debuginfo-0:2.12-1.132.el6_5.9
  • glibc-debuginfo-0:2.12-1.149.el6_6.12
  • glibc-debuginfo-0:2.12-1.166.el6_7.8
  • glibc-debuginfo-0:2.12-1.47.el6_2.18
  • glibc-debuginfo-0:2.17-106.el7_2.9
  • glibc-debuginfo-0:2.5-107.el5_9.9
  • glibc-debuginfo-0:2.5-123.el5_11.4
  • glibc-debuginfo-common-0:2.12-1.107.el6_4.10
  • glibc-debuginfo-common-0:2.12-1.132.el6_5.9
  • glibc-debuginfo-common-0:2.12-1.149.el6_6.12
  • glibc-debuginfo-common-0:2.12-1.166.el6_7.8
  • glibc-debuginfo-common-0:2.12-1.47.el6_2.18
  • glibc-debuginfo-common-0:2.17-106.el7_2.9
  • glibc-debuginfo-common-0:2.5-107.el5_9.9
  • glibc-debuginfo-common-0:2.5-123.el5_11.4
  • glibc-devel-0:2.12-1.107.el6_4.10
  • glibc-devel-0:2.12-1.132.el6_5.9
  • glibc-devel-0:2.12-1.149.el6_6.12
  • glibc-devel-0:2.12-1.166.el6_7.8
  • glibc-devel-0:2.12-1.47.el6_2.18
  • glibc-devel-0:2.17-106.el7_2.9
  • glibc-devel-0:2.5-107.el5_9.9
  • glibc-devel-0:2.5-123.el5_11.4
  • glibc-headers-0:2.12-1.107.el6_4.10
  • glibc-headers-0:2.12-1.132.el6_5.9
  • glibc-headers-0:2.12-1.149.el6_6.12
  • glibc-headers-0:2.12-1.166.el6_7.8
  • glibc-headers-0:2.12-1.47.el6_2.18
  • glibc-headers-0:2.17-106.el7_2.9
  • glibc-headers-0:2.5-107.el5_9.9
  • glibc-headers-0:2.5-123.el5_11.4
  • glibc-static-0:2.12-1.107.el6_4.10
  • glibc-static-0:2.12-1.132.el6_5.9
  • glibc-static-0:2.12-1.149.el6_6.12
  • glibc-static-0:2.12-1.166.el6_7.8
  • glibc-static-0:2.12-1.47.el6_2.18
  • glibc-static-0:2.17-106.el7_2.9
  • glibc-utils-0:2.12-1.107.el6_4.10
  • glibc-utils-0:2.12-1.132.el6_5.9
  • glibc-utils-0:2.12-1.149.el6_6.12
  • glibc-utils-0:2.12-1.166.el6_7.8
  • glibc-utils-0:2.12-1.47.el6_2.18
  • glibc-utils-0:2.17-106.el7_2.9
  • glibc-utils-0:2.5-107.el5_9.9
  • glibc-utils-0:2.5-123.el5_11.4
  • nscd-0:2.12-1.107.el6_4.10
  • nscd-0:2.12-1.132.el6_5.9
  • nscd-0:2.12-1.149.el6_6.12
  • nscd-0:2.12-1.166.el6_7.8
  • nscd-0:2.12-1.47.el6_2.18
  • nscd-0:2.17-106.el7_2.9
  • nscd-0:2.5-107.el5_9.9
  • nscd-0:2.5-123.el5_11.4
  • glibc-0:2.12-1.209.el6_9.2
  • glibc-common-0:2.12-1.209.el6_9.2
  • glibc-debuginfo-0:2.12-1.209.el6_9.2
  • glibc-debuginfo-common-0:2.12-1.209.el6_9.2
  • glibc-devel-0:2.12-1.209.el6_9.2
  • glibc-headers-0:2.12-1.209.el6_9.2
  • glibc-static-0:2.12-1.209.el6_9.2
  • glibc-utils-0:2.12-1.209.el6_9.2
  • nscd-0:2.12-1.209.el6_9.2
  • glibc-0:2.17-157.el7_3.4
  • glibc-common-0:2.17-157.el7_3.4
  • glibc-debuginfo-0:2.17-157.el7_3.4
  • glibc-debuginfo-common-0:2.17-157.el7_3.4
  • glibc-devel-0:2.17-157.el7_3.4
  • glibc-headers-0:2.17-157.el7_3.4
  • glibc-static-0:2.17-157.el7_3.4
  • glibc-utils-0:2.17-157.el7_3.4
  • nscd-0:2.17-157.el7_3.4

References