What is the severity of CVE-2017-1000366?

CVE-2017-1000366 is considered a critical vulnerability due to its potential for arbitrary code execution.

How do I fix CVE-2017-1000366?

To fix CVE-2017-1000366, you should update the affected glibc packages to a version that includes the relevant security patches.

What versions are affected by CVE-2017-1000366?

CVE-2017-1000366 affects various versions of Red Hat Enterprise Linux and several SUSE Linux distributions with specific glibc versions.

Can CVE-2017-1000366 lead to remote code execution?

Yes, CVE-2017-1000366 can potentially lead to remote code execution if exploited by an attacker using specially crafted LD_LIBRARY_PATH values.

Is CVE-2017-1000366 specific to Linux?

CVE-2017-1000366 specifically impacts the GNU C Library (glibc), primarily used in Linux operating systems.

Vulnerability/
CVE-2017-1000366

high

7.8

CWE

119

19/5/2017

19/6/2017

5/8/2024

CVE-2017-1000366: Buffer Overflow

First published: Fri May 19 2017(Updated: )

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Red Hat Enterprise Linux	=5
Red Hat Enterprise Linux	=6.0
Red Hat Enterprise Linux	=7.0
redhat enterprise Linux desktop	=6.0
redhat enterprise Linux desktop	=7.0
redhat enterprise Linux server	=6.0
redhat enterprise Linux server	=6.6
redhat enterprise Linux server	=7.0
redhat enterprise Linux server aus	=5.9
redhat enterprise Linux server aus	=6.2
redhat enterprise Linux server aus	=6.4
redhat enterprise Linux server aus	=6.5
redhat enterprise Linux server aus	=6.6
redhat enterprise Linux server aus	=7.2
redhat enterprise Linux server aus	=7.3
redhat enterprise Linux server aus	=7.4
redhat enterprise Linux server aus	=7.6
redhat enterprise Linux server eus	=6.2
redhat enterprise Linux server eus	=6.5
redhat enterprise Linux server eus	=6.7
redhat enterprise Linux server eus	=7.2
redhat enterprise Linux server eus	=7.3
redhat enterprise Linux server eus	=7.4
redhat enterprise Linux server eus	=7.5
redhat enterprise Linux server eus	=7.6
Red Hat Enterprise Linux Server Long Life	=5.9
redhat enterprise Linux server tus	=6.5
redhat enterprise Linux server tus	=6.6
redhat enterprise Linux server tus	=7.2
redhat enterprise Linux server tus	=7.3
redhat enterprise Linux server tus	=7.6
redhat enterprise Linux workstation	=6.0
redhat enterprise Linux workstation	=7.0
OpenStack Magnum Orchestration	=7
SUSE Linux Enterprise Desktop	=12.0-sp2
SUSE Linux Enterprise Point of Sale	=11.0-sp3
SUSE Linux Enterprise Server	=11.0-sp3
openSUSE	=42.2
SUSE Linux Enterprise for SAP Applications	=12-sp1
SUSE Linux Enterprise Server	=10-sp4
SUSE Linux Enterprise Server	=11-sp4
SUSE Linux Enterprise Server	=12-sp1
SUSE Linux Enterprise Server	=12-sp2
SUSE Linux Enterprise Server	=12-sp2
SUSE Linux Enterprise Server	=12-sp2
SUSE Linux Enterprise Software Development Kit	=11.0-sp4
SUSE Linux Enterprise Software Development Kit	=12.0-sp2
GNU C Library	<=2.25
Debian	=8.0
Debian	=9.0
McAfee Web Gateway	<=7.6.2.14
McAfee Web Gateway	>=7.7.0.0<=7.7.2.2

Remedy

https://kc.mcafee.com/corporate/index?page=content&id=SB10205

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1000366?
CVE-2017-1000366 is considered a critical vulnerability due to its potential for arbitrary code execution.
How do I fix CVE-2017-1000366?
To fix CVE-2017-1000366, you should update the affected glibc packages to a version that includes the relevant security patches.
What versions are affected by CVE-2017-1000366?
CVE-2017-1000366 affects various versions of Red Hat Enterprise Linux and several SUSE Linux distributions with specific glibc versions.
Can CVE-2017-1000366 lead to remote code execution?
Yes, CVE-2017-1000366 can potentially lead to remote code execution if exploited by an attacker using specially crafted LD_LIBRARY_PATH values.
Is CVE-2017-1000366 specific to Linux?
CVE-2017-1000366 specifically impacts the GNU C Library (glibc), primarily used in Linux operating systems.

agent/type
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2017-1000366
agent/references
agent/severity
agent/weakness
agent/remedy
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/redhat
canonical/red hat enterprise linux
version/red hat enterprise linux/5
version/red hat enterprise linux/6.0
version/red hat enterprise linux/7.0
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/6.0
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux server
version/redhat enterprise linux server/6.0
version/redhat enterprise linux server/6.6
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/5.9
version/redhat enterprise linux server aus/6.2
version/redhat enterprise linux server aus/6.4
version/redhat enterprise linux server aus/6.5
version/redhat enterprise linux server aus/6.6
version/redhat enterprise linux server aus/7.2
version/redhat enterprise linux server aus/7.3
version/redhat enterprise linux server aus/7.4
version/redhat enterprise linux server aus/7.6
canonical/redhat enterprise linux server eus
version/redhat enterprise linux server eus/6.2
version/redhat enterprise linux server eus/6.5
version/redhat enterprise linux server eus/6.7
version/redhat enterprise linux server eus/7.2
version/redhat enterprise linux server eus/7.3
version/redhat enterprise linux server eus/7.4
version/redhat enterprise linux server eus/7.5
version/redhat enterprise linux server eus/7.6
canonical/red hat enterprise linux server long life
version/red hat enterprise linux server long life/5.9
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/6.5
version/redhat enterprise linux server tus/6.6
version/redhat enterprise linux server tus/7.2
version/redhat enterprise linux server tus/7.3
version/redhat enterprise linux server tus/7.6
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/6.0
version/redhat enterprise linux workstation/7.0
vendor/openstack
canonical/openstack magnum orchestration
version/openstack magnum orchestration/7
vendor/novell
canonical/suse linux enterprise desktop
version/suse linux enterprise desktop/12.0-sp2
canonical/suse linux enterprise point of sale
version/suse linux enterprise point of sale/11.0-sp3
canonical/suse linux enterprise server
version/suse linux enterprise server/11.0-sp3
vendor/opensuse
canonical/opensuse
version/opensuse/42.2
vendor/suse
canonical/suse linux enterprise for sap applications
version/suse linux enterprise for sap applications/12-sp1
version/suse linux enterprise server/10-sp4
version/suse linux enterprise server/11-sp4
version/suse linux enterprise server/12-sp1
version/suse linux enterprise server/12-sp2
canonical/suse linux enterprise software development kit
version/suse linux enterprise software development kit/11.0-sp4
version/suse linux enterprise software development kit/12.0-sp2
vendor/gnu
canonical/gnu c library
version/gnu c library/2.25
vendor/debian
canonical/debian
version/debian/8.0
version/debian/9.0
vendor/mcafee
canonical/mcafee web gateway
version/mcafee web gateway/7.6.2.14
version/mcafee web gateway/7.7.0.0
version/mcafee web gateway/7.7.2.2