CVE-2017-1000408 - OpenCVE

A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Gnu	Glibc

Configuration 1 [-]

cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*

References

Link	Resource
http://seclists.org/oss-sec/2017/q4/385	Exploit Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/06/27/7
http://www.openwall.com/lists/oss-security/2019/06/28/1
http://www.openwall.com/lists/oss-security/2019/06/28/2
https://security.netapp.com/advisory/ntap-20190404-0003/
https://www.exploit-db.com/exploits/43331/	Exploit Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-02-01T04:00:00

Updated: 2019-06-28T20:06:05

Reserved: 2017-12-05T00:00:00

Link: CVE-2017-1000408

JSON object: View

NVD Information

Status : Modified

Published: 2018-02-01T04:29:00.247

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-1000408

JSON object: View

Redhat Information

No data.

CWE

CWE-772

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2017-12-05T00:00:00", "datePublic": "2018-01-31T00:00:00", "descriptions": [{"lang": "en", "value": "A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-28T20:06:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "43331", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/43331/"}, {"name": "[oss-security] 20171211 Qualys Security Advisory - Buffer overflow in glibc's ld.so", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2017/q4/385"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190404-0003/"}, {"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"}, {"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"}, {"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2017-12-05", "ID": "CVE-2017-1000408", "REQUESTER": "qsa@qualys.com", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "43331", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43331/"}, {"name": "[oss-security] 20171211 Qualys Security Advisory - Buffer overflow in glibc's ld.so", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2017/q4/385"}, {"name": "https://security.netapp.com/advisory/ntap-20190404-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190404-0003/"}, {"name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"}, {"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"}, {"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-1000408", "datePublished": "2018-02-01T04:00:00", "dateReserved": "2017-12-05T00:00:00", "dateUpdated": "2019-06-28T20:06:05", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8ED8F0E8-A969-4F7F-A100-662F4A5426FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366."}, {"lang": "es", "value": "Una fuga de memoria en glibc 2.1.1 (publicado el 24 de mayo de 1999) puede ser alcanzada y amplificada mediante la variable de entorno LD_HWCAP_MASK. Hay que tener en cuenta que muchas versiones de glibc no son vulnerables a este problema si se corrigen con el parche para CVE-2017-1000366."}], "id": "CVE-2017-1000408", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-01T04:29:00.247", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/oss-sec/2017/q4/385"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20190404-0003/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/43331/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-772"}], "source": "nvd@nist.gov", "type": "Primary"}]}