CVE-2017-1000366

HIGH

glibc <2.25 - Remote Code Execution


Exploitation Summary

EIP tracks 3 public exploits for CVE-2017-1000366. PoCs published by Qualys Corporation.

AI-analyzed exploit summary: This exploit targets CVE-2017-1000371, a vulnerability in the Linux dynamic loader (ld.so) affecting multiple distributions. It manipulates ELF binaries and auxiliary vectors to achieve arbitrary code execution by exploiting a buffer overflow in the dynamic linker.

Description

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Qualys Corporation · c · local · linux_x86
https://www.exploit-db.com/exploits/42276

This exploit targets CVE-2017-1000371, a vulnerability in the Linux dynamic loader (ld.so) affecting multiple distributions. It manipulates ELF binaries and auxiliary vectors to achieve arbitrary code execution by exploiting a buffer overflow in the dynamic linker.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Linux dynamic loader (ld.so) on various distributions (Debian, Ubuntu, Fedora)
No auth needed
Prerequisites: Access to a vulnerable Linux system · Ability to execute binaries
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Qualys Corporation · c · local · linux_x86-64
https://www.exploit-db.com/exploits/42275

This exploit leverages CVE-2017-1000379, a vulnerability in the Linux dynamic loader (ld.so) related to the handling of the HWCAP mechanism. It injects a malicious shared library to gain root privileges by manipulating the loader's behavior during program execution.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Linux dynamic loader (ld.so) on various distributions (Debian, Ubuntu, Fedora, CentOS)
No auth needed
Prerequisites: Access to a vulnerable Linux system · Ability to compile and execute the exploit
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Qualys Corporation · c · local · linux_x86
https://www.exploit-db.com/exploits/42274

This exploit leverages CVE-2017-1000370, a vulnerability in the Linux dynamic loader (ld.so) related to the handling of the HWCAP mechanism. It injects a malicious shared library to achieve privilege escalation by manipulating the environment variables and library search paths.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Linux dynamic loader (ld.so) on various distributions (Debian, Fedora, CentOS)
No auth needed
Prerequisites: Access to a vulnerable Linux system · Ability to compile and execute the exploit
devstral-2 · analyzed Feb 16, 2026

References (20)

Core References
Technical Description, Third Party Advisory x_refsource_misc
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038712
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42275/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1712
Third Party Advisory x_refsource_confirm
https://www.suse.com/security/cve/CVE-2017-1000366/
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1479
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1480
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99127
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42276/
Third Party Advisory x_refsource_confirm
https://www.suse.com/support/kb/doc/?id=7020973
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1567
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42274/
Third Party Advisory x_refsource_confirm
https://access.redhat.com/security/cve/CVE-2017-1000366
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1481
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2017/dsa-3887
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201706-19
Patch, Third Party Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10205
Mailing List mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Sep/7
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Sep/7

Scores

CVSS v3 7.8
EPSS 0.0644
EPSS Percentile 91.3%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-119
Status published
Products (48)
debian/debian_linux 8.0
debian/debian_linux 9.0
gnu/glibc < 2.25
mcafee/web_gateway < 7.6.2.14
novell/suse_linux_enterprise_desktop 12.0 sp2
novell/suse_linux_enterprise_point_of_sale 11.0 sp3
novell/suse_linux_enterprise_server 11.0 sp3
openstack/cloud_magnum_orchestration 7
opensuse/leap 42.2
redhat/enterprise_linux 5
... and 38 more
Published Jun 19, 2017
Tracked Since Feb 18, 2026