Main Vulnerability Database Vulnerabilities #VU37575

#VU37575 Buffer overflow in Glibc - CVE-2017-1000409

Published: February 1, 2018 / Updated: June 17, 2021

Vulnerability identifier: #VU37575

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2017-1000409

CWE-ID: CWE-119

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vulnerable software:
Glibc

Software vendor:
GNU

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.

Remediation

Install update from vendor's website.

External links

http://seclists.org/oss-sec/2017/q4/385
https://security.netapp.com/advisory/ntap-20190404-0003/
https://www.exploit-db.com/exploits/43331/

#VU37575 Buffer overflow in Glibc - CVE-2017-1000409

Description

Remediation

External links

Please verify you're human