#VU37575 Buffer overflow in Glibc - CVE-2017-1000409

Cybersecurity Help s.r.o.

Published: 2018-02-01 | Updated: 2021-06-17

Vulnerability identifier: #VU37575

Vulnerability risk: Low

CVSSv4.0: 6.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2017-1000409

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: Yes

Vulnerable software:
Glibc
Universal components / Libraries / Libraries used by multiple products

Vendor: GNU

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Glibc: 2.5

External links
https://seclists.org/oss-sec/2017/q4/385
https://security.netapp.com/advisory/ntap-20190404-0003/
https://www.exploit-db.com/exploits/43331/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Buffer overflow in GNU Glibc

OpenSUSE Linux update for glibc

SUSE Linux update for glibc

Fedora 27 update for glibc