漏洞类别:Local
漏洞等级: 
漏洞信息
The GNU C Library (glibc) project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel.
The dynamic loader (ld.so) of glibc contains the following memory leak and a buffer overflow vulnerabilities:
CVE-2017-1000408: Memory leak, first detected in glibc 2.1.1 (released on May 24, 1999); can be exploited and amplified through the LD_HWCAP_MASK environment variable
CVE-2017-1000409: Buffer overflow, first appeared in glibc 2.5 (released on September 29, 2006); can be triggered through the LD_LIBRARY_PATH environment variable.
QID Detection Logic:
This authenticated QID detects affected versions of operating systems based on CVE-2017-1000366.
漏洞危害
Successful exploitation allows an attacker to exploit the buffer overflow condition and execute arbitrary code on the targeted system.
解决方案
0daybank
文章评论