var-201706-0334
Vulnerability from variot

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. glibc Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GNU glibc is prone to local memory-corruption vulnerability. An attacker could exploit this issue to execute arbitrary code in the context of the application. GNU glibc 2.25 and prior versions are vulnerable. glibc (also known as GNU C Library, libc6) is an open source and free C language compiler released under the LGPL license agreement. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

===================================================================== Red Hat Security Advisory

Synopsis: Important: glibc security update Advisory ID: RHSA-2017:1480-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:1480 Issue date: 2017-06-19 CVE Names: CVE-2017-1000366 =====================================================================

  1. Summary:

An update for glibc is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

  1. Description:

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

  • A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. (CVE-2017-1000366)

Red Hat would like to thank Qualys Research Labs for reporting this issue.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the glibc library must be restarted, or the system rebooted.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1452543 - CVE-2017-1000366 glibc: heap/stack gap jumping via unbounded stack allocations

  1. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source: glibc-2.12-1.209.el6_9.2.src.rpm

i386: glibc-2.12-1.209.el6_9.2.i686.rpm glibc-common-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm glibc-devel-2.12-1.209.el6_9.2.i686.rpm glibc-headers-2.12-1.209.el6_9.2.i686.rpm glibc-utils-2.12-1.209.el6_9.2.i686.rpm nscd-2.12-1.209.el6_9.2.i686.rpm

x86_64: glibc-2.12-1.209.el6_9.2.i686.rpm glibc-2.12-1.209.el6_9.2.x86_64.rpm glibc-common-2.12-1.209.el6_9.2.x86_64.rpm glibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-2.12-1.209.el6_9.2.x86_64.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.x86_64.rpm glibc-devel-2.12-1.209.el6_9.2.i686.rpm glibc-devel-2.12-1.209.el6_9.2.x86_64.rpm glibc-headers-2.12-1.209.el6_9.2.x86_64.rpm glibc-utils-2.12-1.209.el6_9.2.x86_64.rpm nscd-2.12-1.209.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

i386: glibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm glibc-static-2.12-1.209.el6_9.2.i686.rpm

x86_64: glibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-2.12-1.209.el6_9.2.x86_64.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.x86_64.rpm glibc-static-2.12-1.209.el6_9.2.i686.rpm glibc-static-2.12-1.209.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source: glibc-2.12-1.209.el6_9.2.src.rpm

x86_64: glibc-2.12-1.209.el6_9.2.i686.rpm glibc-2.12-1.209.el6_9.2.x86_64.rpm glibc-common-2.12-1.209.el6_9.2.x86_64.rpm glibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-2.12-1.209.el6_9.2.x86_64.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.x86_64.rpm glibc-devel-2.12-1.209.el6_9.2.i686.rpm glibc-devel-2.12-1.209.el6_9.2.x86_64.rpm glibc-headers-2.12-1.209.el6_9.2.x86_64.rpm glibc-utils-2.12-1.209.el6_9.2.x86_64.rpm nscd-2.12-1.209.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

x86_64: glibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-2.12-1.209.el6_9.2.x86_64.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.x86_64.rpm glibc-static-2.12-1.209.el6_9.2.i686.rpm glibc-static-2.12-1.209.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source: glibc-2.12-1.209.el6_9.2.src.rpm

i386: glibc-2.12-1.209.el6_9.2.i686.rpm glibc-common-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm glibc-devel-2.12-1.209.el6_9.2.i686.rpm glibc-headers-2.12-1.209.el6_9.2.i686.rpm glibc-utils-2.12-1.209.el6_9.2.i686.rpm nscd-2.12-1.209.el6_9.2.i686.rpm

ppc64: glibc-2.12-1.209.el6_9.2.ppc.rpm glibc-2.12-1.209.el6_9.2.ppc64.rpm glibc-common-2.12-1.209.el6_9.2.ppc64.rpm glibc-debuginfo-2.12-1.209.el6_9.2.ppc.rpm glibc-debuginfo-2.12-1.209.el6_9.2.ppc64.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.ppc.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.ppc64.rpm glibc-devel-2.12-1.209.el6_9.2.ppc.rpm glibc-devel-2.12-1.209.el6_9.2.ppc64.rpm glibc-headers-2.12-1.209.el6_9.2.ppc64.rpm glibc-utils-2.12-1.209.el6_9.2.ppc64.rpm nscd-2.12-1.209.el6_9.2.ppc64.rpm

s390x: glibc-2.12-1.209.el6_9.2.s390.rpm glibc-2.12-1.209.el6_9.2.s390x.rpm glibc-common-2.12-1.209.el6_9.2.s390x.rpm glibc-debuginfo-2.12-1.209.el6_9.2.s390.rpm glibc-debuginfo-2.12-1.209.el6_9.2.s390x.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.s390.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.s390x.rpm glibc-devel-2.12-1.209.el6_9.2.s390.rpm glibc-devel-2.12-1.209.el6_9.2.s390x.rpm glibc-headers-2.12-1.209.el6_9.2.s390x.rpm glibc-utils-2.12-1.209.el6_9.2.s390x.rpm nscd-2.12-1.209.el6_9.2.s390x.rpm

x86_64: glibc-2.12-1.209.el6_9.2.i686.rpm glibc-2.12-1.209.el6_9.2.x86_64.rpm glibc-common-2.12-1.209.el6_9.2.x86_64.rpm glibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-2.12-1.209.el6_9.2.x86_64.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.x86_64.rpm glibc-devel-2.12-1.209.el6_9.2.i686.rpm glibc-devel-2.12-1.209.el6_9.2.x86_64.rpm glibc-headers-2.12-1.209.el6_9.2.x86_64.rpm glibc-utils-2.12-1.209.el6_9.2.x86_64.rpm nscd-2.12-1.209.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

i386: glibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm glibc-static-2.12-1.209.el6_9.2.i686.rpm

ppc64: glibc-debuginfo-2.12-1.209.el6_9.2.ppc.rpm glibc-debuginfo-2.12-1.209.el6_9.2.ppc64.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.ppc.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.ppc64.rpm glibc-static-2.12-1.209.el6_9.2.ppc.rpm glibc-static-2.12-1.209.el6_9.2.ppc64.rpm

s390x: glibc-debuginfo-2.12-1.209.el6_9.2.s390.rpm glibc-debuginfo-2.12-1.209.el6_9.2.s390x.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.s390.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.s390x.rpm glibc-static-2.12-1.209.el6_9.2.s390.rpm glibc-static-2.12-1.209.el6_9.2.s390x.rpm

x86_64: glibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-2.12-1.209.el6_9.2.x86_64.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.x86_64.rpm glibc-static-2.12-1.209.el6_9.2.i686.rpm glibc-static-2.12-1.209.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source: glibc-2.12-1.209.el6_9.2.src.rpm

i386: glibc-2.12-1.209.el6_9.2.i686.rpm glibc-common-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm glibc-devel-2.12-1.209.el6_9.2.i686.rpm glibc-headers-2.12-1.209.el6_9.2.i686.rpm glibc-utils-2.12-1.209.el6_9.2.i686.rpm nscd-2.12-1.209.el6_9.2.i686.rpm

x86_64: glibc-2.12-1.209.el6_9.2.i686.rpm glibc-2.12-1.209.el6_9.2.x86_64.rpm glibc-common-2.12-1.209.el6_9.2.x86_64.rpm glibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-2.12-1.209.el6_9.2.x86_64.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.x86_64.rpm glibc-devel-2.12-1.209.el6_9.2.i686.rpm glibc-devel-2.12-1.209.el6_9.2.x86_64.rpm glibc-headers-2.12-1.209.el6_9.2.x86_64.rpm glibc-utils-2.12-1.209.el6_9.2.x86_64.rpm nscd-2.12-1.209.el6_9.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

i386: glibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm glibc-static-2.12-1.209.el6_9.2.i686.rpm

x86_64: glibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-2.12-1.209.el6_9.2.x86_64.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm glibc-debuginfo-common-2.12-1.209.el6_9.2.x86_64.rpm glibc-static-2.12-1.209.el6_9.2.i686.rpm glibc-static-2.12-1.209.el6_9.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2017-1000366 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/stackguard

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iD8DBQFZSDWHXlSAg2UNWIIRAuhpAJ4uBm5IvSaX4vl7aeqKx4OoRTuvRgCdGBjo maI5Dz0nZVRbUM/HVd/qJrI= =sa7X -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . For the full details, please refer to their advisory published at: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

For the oldstable distribution (jessie), this problem has been fixed in version 2.19-18+deb8u10.

For the stable distribution (stretch), this problem has been fixed in version 2.24-11+deb9u1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your glibc packages.

Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/glibc-2.23-i586-2_slack14.2.txz: Rebuilt. Applied upstream security hardening patches from git. patches/packages/glibc-profile-2.23-i586-2_slack14.2.txz: Rebuilt. ( Security fix ) +--------------------------+

Where to find the new packages: +-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-2.23-i586-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-i18n-2.23-i586-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-profile-2.23-i586-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-solibs-2.23-i586-2_slack14.2.txz

Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-2.23-x86_64-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-i18n-2.23-x86_64-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-profile-2.23-x86_64-2_slack14.2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-solibs-2.23-x86_64-2_slack14.2.txz

Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.25-i586-3.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.25-i586-3.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.25-i586-3.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.25-i586-3.txz

Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.25-x86_64-3.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.25-x86_64-3.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.25-x86_64-3.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.25-x86_64-3.txz

MD5 signatures: +-------------+

Slackware 14.2 packages: 663f47dc7d0dfedb2ebf7c61d3f2272c glibc-2.23-i586-2_slack14.2.txz 078372f057f25a9208065ab79057e177 glibc-i18n-2.23-i586-2_slack14.2.txz f071cea4355537664e48208f4af62eaf glibc-profile-2.23-i586-2_slack14.2.txz ab57d435ca54b173a9e68f71212fc461 glibc-solibs-2.23-i586-2_slack14.2.txz

Slackware x86_64 14.2 packages: 1133b60a4c0ce35878a10bd4315fb648 glibc-2.23-x86_64-2_slack14.2.txz 089ce46a9649272054b9677a545db1e2 glibc-i18n-2.23-x86_64-2_slack14.2.txz 5ac5d520b831cd7f905302feab8d0e75 glibc-profile-2.23-x86_64-2_slack14.2.txz b8457b979d2a6652ce3c0362c2ec5638 glibc-solibs-2.23-x86_64-2_slack14.2.txz

Slackware -current packages: 4dc6a08ad5905dcab5dba980b57d6b84 a/glibc-solibs-2.25-i586-3.txz 48c6c4a925eda4dc598470721edced9c l/glibc-2.25-i586-3.txz 1afd5bdb86c5450b1429e5c3ce7c8fd1 l/glibc-i18n-2.25-i586-3.txz 55908b021b0fdf6f00027579b885eea0 l/glibc-profile-2.25-i586-3.txz

Slackware x86_64 -current packages: 1e479e2e03e837f66c95cacb2b7649f7 a/glibc-solibs-2.25-x86_64-3.txz ec307efb44585984181c4fe0ce01ce30 l/glibc-2.25-x86_64-3.txz 6503ac6fe173da8a2da47dcbd9c24bb1 l/glibc-i18n-2.25-x86_64-3.txz 22bc7dc3ec5b8b2bc0ca7aa2226a3094 l/glibc-profile-2.25-x86_64-3.txz

Installation instructions: +------------------------+

Upgrade the packages as root:

upgradepkg glibc-*.txz

+-----+

Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com

+------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address.


Gentoo Linux Security Advisory GLSA 201706-19


                                       https://security.gentoo.org/

Severity: High Title: GNU C Library: Multiple vulnerabilities Date: June 20, 2017 Bugs: #608698, #608706, #622220 ID: 201706-19


Synopsis

Multiple vulnerabilities have been found in the GNU C Library, the worst of which may allow execution of arbitrary code.

Background

The GNU C library is the standard C library used by Gentoo Linux systems.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 sys-libs/glibc < 2.23-r4 >= 2.23-r4

Description

Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers and Qualys' security advisory referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All GNU C Library users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.23-r4"

References

[ 1 ] CVE-2015-5180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5180 [ 2 ] CVE-2016-6323 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6323 [ 3 ] CVE-2017-1000366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000366 [ 4 ] Qualys Security Advisory - The Stack Clash https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201706-19

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

--cxbO5eT2swQBqr8k9tc6wcfapgLAJb4xR--

. SEC Consult Vulnerability Lab Security Advisory < 20190904-0 >

          title: Multiple vulnerabilities
        product: Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P,
                 Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160,
                 Cisco 160W

vulnerable version: Cisco RV34X - 1.0.02.16, Cisco RV16X/26X - 1.0.00.15 fixed version: see "Solution" CVE number: - impact: High homepage: https://www.cisco.com/ found: 2019-05-15 by: T. Weber, S. Viehböck (Office Vienna) IoT Inspector SEC Consult Vulnerability Lab

                 An integrated part of SEC Consult
                 Europe | Asia | North America

                 https://www.sec-consult.com

=======================================================================

Vendor description:

"Securely connecting your small business to the outside world is as important as connecting your internal network devices to one another. Cisco Small Business RV Series Routers offer virtual private networking (VPN) technology so your remote workers can connect to your network through a secure Internet pathway."

Source: https://www.cisco.com/c/en/us/products/routers/small-business-rv-series-routers/index.html

Business recommendation:

We want to thank Cisco for the very quick and professional response and great coordination. Customers are urged to update the firmware of their devices.

Vulnerability overview/description:

1) Hardcoded Credentials The device contains hardcoded users and passwords which can be used to login via SSH on an emulated device at least.

During the communication with Cisco it turned out that: "Accounts like the 'debug-admin' and 'root' can not be accessed from console port, CLI or webui". Therefore, these accounts had no real functionality and cannot be used for malicious actions. The outdated version was found by IoT Inspector. One of the discovered vulnerabilities (CVE-2015-7547, "getaddrinfo() buffer overflow") was verified by using the MEDUSA scalable firmware runtime.

3) Known BusyBox Vulnerabilities The used BusyBox toolkit in version 1.23.2 is outdated and contains multiple known vulnerabilities. The outdated version was found by IoT Inspector. One of the discovered vulnerabilities (CVE-2017-16544) was verified by using the MEDUSA scaleable firmware runtime.

4) Multiple Vulnerabilities - IoT Inspector Report Further information can be found in IoT Inspector report: https://r.sec-consult.com/ciscoiot

Proof of concept:

1) Hardcoded Credentials The following hardcoded hashes were found in the 'shadow' file of the firmware: root:$1$hPNSjUZA$7eKqEpqVYltt9xJ6f0OGf0:15533:0:99999:7::: debug-admin:$1$.AAm0iJ4$na9wZwly9pSrdS8MhcGKw/:15541:0:99999:7::: [...]

The undocumented user 'debug-admin' is also contained in this file.

Starting the dropbear daemon as background process on emulated firmware:

dropbear -E

[1109] Running in background

[1112] Child connection from :52718

[1112] /var must be owned by user or root, and not writable by others [1112] Password auth succeeded for 'debug-admin' from :52718


Log on via another host connected to the same network. For this PoC the password of the debug-admin was changed in the 'shadow' file.


[root@localhost medusa]# ssh debug-admin@ /bin/ash -i debug-admin@'s password: /bin/ash: can't access tty; job control turned off

BusyBox v1.23.2 (2018-11-21 18:22:56 IST) built-in shell (ash)

/tmp $

The 'debug-admin' user has the same privileges like 'root'. This can be determined from the corresponding sudoers file in the firmware: [...]

User privilege specification

root ALL=(ALL) ALL debug-admin ALL=(ALL) ALL

Uncomment to allow members of group wheel to execute any command

%wheel ALL=(ALL) ALL

[...]

During the communication with Cisco it turned out that: "Accounts like the 'debug-admin' and 'root' can not be accessed from console port, CLI or webui". Therefore, these accounts had no real functionality and cannot be used for malicious actions.

The getaddrinfo() buffer overflow vulnerability was checked with the help of the exploit code from https://github.com/fjserna/CVE-2015-7547. It was compiled and executed on the emulated device to test the system.

python cve-2015-7547-poc.py &

[1] 961

chroot /medusa_rootfs/ bin/ash

BusyBox v1.23.2 (2018-11-21 18:22:56 IST) built-in shell (ash)

gdb cve-2015-7547_glibc_getaddrinfo

[...] [UDP] Total Data len recv 36 [UDP] Total Data len recv 36 Connected with 127.0.0.1:41782 [TCP] Total Data len recv 76 [TCP] Request1 len recv 36 [TCP] Request2 len recv 36 Cannot access memory at address 0x4

Program received signal SIGSEGV, Segmentation fault. 0x76f1fd58 in ?? () from /lib/libc.so.6 (gdb)

References: https://security.googleblog.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html https://github.com/fjserna/CVE-2015-7547

3) Known BusyBox Vulnerabilities BusyBox version 1.23.2 contains multiple CVEs like: CVE-2016-2148, CVE-2016-6301, CVE-2015-9261, CVE-2016-2147, CVE-2018-20679, CVE-2017-16544 and CVE-2019-5747. The BusyBox shell autocompletion vulnerability (CVE-2017-16544) was verified on an emulated device:

A file with the name "\ectest\n\e]55;test.txt\a" was created to trigger the vulnerability.


ls "pressing "

test ]55;test.txt


4) Multiple Vulnerabilities - IoT Inspector Report Further information can be found in IoT Inspector report: https://r.sec-consult.com/ciscoiot

The summary is below: IoT Inspector Vulnerability #1 BusyBox CVE entries Outdated BusyBox version is affected by 7 published CVEs.

IoT Inspector Vulnerability #2 curl CVE entries Outdated curl version is affected by 35 published CVEs.

IoT Inspector Vulnerability #5 Hardcoded password hashes Firmware contains multiple hardcoded credentials.

IoT Inspector Vulnerability #6 Linux Kernel CVE entries Outdated Linux Kernel version affected by 512 published CVEs.

IoT Inspector Vulnerability #7 MiniUPnPd CVE entries Outdated MiniUPnPd version affected by 2 published CVEs.

IoT Inspector Vulnerability #8 Dnsmasq CVE entries Outdated MiniUPnPd version affected by 1 published CVE.

IoT Inspector Vulnerability #9 Linux Kernel Privilege Escalation “pp_key” Outdated Linux Kernel version is affected by CVE-2015-7547.

IoT Inspector Vulnerability #10 OpenSSL CVE entries Outdated OpenSSL version affected by 6 published CVEs.

Vulnerable / tested versions:

The following firmware versions have been tested with IoT Inspector and firmware emulation techniques: Cisco RV340 / 1.0.02.16 Cisco RV340W / 1.0.02.16 Cisco RV345 / 1.0.02.16 Cisco RV345P / 1.0.02.16 The following firmware versions have been tested with IoT Inspector only: Cisco RV260 / 1.0.00.15 Cisco RV260P / 1.0.00.15 Cisco RV260W / 1.0.00.15 Cisco RV160 / 1.0.00.15 Cisco RV160P / 1.0.00.15

The firmware was obtained from the vendor website: https://software.cisco.com/download/home/286287791/type/282465789/release/1.0.02.16 https://software.cisco.com/download/home/286316464/type/282465789/release/1.0.00.15

Vendor contact timeline:

2019-05-15: Contacting vendor through psirt@cisco.com. 2019-05-16: Vendor confirmed the receipt. 2019-05-2019-08: Periodic updates about the investigation from the vendor. Clarification which of the reported issues will be fixed. 2019-08-20: The vendor proposed the next possible publication date for the advisory for 2019-09-04. The vendor added the RV160 and RV260 router series to be vulnerable to the same issues too. 2019-09-04: Coordinated advisory release.

Solution:

Upgrade to the newest available firmware version.

Additionally, the vendor provides the following security notice: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-sb-vpnrouter

Workaround:

None.

Advisory URL:

https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab

SEC Consult Europe | Asia | North America

About SEC Consult Vulnerability Lab The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It ensures the continued knowledge gain of SEC Consult in the field of network and application security to stay ahead of the attacker. The SEC Consult Vulnerability Lab supports high-quality penetration testing and the evaluation of new offensive and defensive technologies for our customers. Hence our customers obtain the most current information about vulnerabilities and valid recommendation about the risk profile of new technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Interested to work with the experts of SEC Consult? Send us your application https://www.sec-consult.com/en/career/index.html

Interested in improving your cyber security with the experts of SEC Consult? Contact our local offices https://www.sec-consult.com/en/contact/index.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: research at sec-consult dot com Web: https://www.sec-consult.com Blog: http://blog.sec-consult.com Twitter: https://twitter.com/sec_consult

EOF T. Weber / @2019

. 7) - x86_64

  1. Description:

Red Hat 3scale API Management Platform 2.0 is a platform for the management of access and traffic for web-based APIs across a variety of deployment options.

Security Fix(es):

  • It was found that RH-3scale AMP would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. (CVE-2017-7512)

The underlying container image was also rebuilt to resolve other security issues. Solution:

To apply this security fix, use the updated docker images. Bugs fixed (https://bugzilla.redhat.com/):

1457997 - CVE-2017-7512 3scale AMP: validation bypass in oauth

5

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0334",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "linux enterprise software development kit",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "suse",
        "version": "11.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.7"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.5"
      },
      {
        "model": "enterprise linux server long life",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.9"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.6"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.6"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.4"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "5.9"
      },
      {
        "model": "suse linux enterprise point of sale",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "novell",
        "version": "11.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "8.0"
      },
      {
        "model": "glibc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "gnu",
        "version": "2.25"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.0"
      },
      {
        "model": "linux enterprise for sap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "42.2"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "suse linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "novell",
        "version": "11.0"
      },
      {
        "model": "web gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "7.7.2.2"
      },
      {
        "model": "enterprise linux workstation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.2"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "enterprise linux server tus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "web gateway",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "7.7.0.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.6"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "model": "suse linux enterprise desktop",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "novell",
        "version": "12.0"
      },
      {
        "model": "cloud magnum orchestration",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "openstack",
        "version": "7"
      },
      {
        "model": "linux enterprise server for raspberry pi",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12"
      },
      {
        "model": "web gateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "7.6.2.14"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.2"
      },
      {
        "model": "linux enterprise software development kit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "suse",
        "version": "12.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.5"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.6"
      },
      {
        "model": "enterprise linux server eus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.4"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "c library",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "gnu",
        "version": "2.25"
      },
      {
        "model": "cloud magnum orchestration",
        "scope": null,
        "trust": 0.8,
        "vendor": "openstack",
        "version": null
      },
      {
        "model": "leap",
        "scope": null,
        "trust": 0.8,
        "vendor": "opensuse",
        "version": null
      },
      {
        "model": "linux enterprise desktop",
        "scope": null,
        "trust": 0.8,
        "vendor": "suse",
        "version": null
      },
      {
        "model": "linux enterprise for sap",
        "scope": null,
        "trust": 0.8,
        "vendor": "suse",
        "version": null
      },
      {
        "model": "linux enterprise point of sale",
        "scope": null,
        "trust": 0.8,
        "vendor": "suse",
        "version": null
      },
      {
        "model": "linux enterprise server",
        "scope": null,
        "trust": 0.8,
        "vendor": "suse",
        "version": null
      },
      {
        "model": "linux enterprise server for raspberry pi",
        "scope": null,
        "trust": 0.8,
        "vendor": "suse",
        "version": null
      },
      {
        "model": "linux enterprise software development kit",
        "scope": null,
        "trust": 0.8,
        "vendor": "suse",
        "version": null
      },
      {
        "model": "openstack cloud",
        "scope": null,
        "trust": 0.8,
        "vendor": "suse",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "enterprise linux aus",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "enterprise linux eus",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "enterprise linux long life",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "enterprise linux server",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "enterprise linux server eus",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "enterprise linux server tus",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.4"
      },
      {
        "model": "vm server for",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "x863.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "7"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "6"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.7"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.7.2.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.4"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.3"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.2"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.14"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.1"
      },
      {
        "model": "web gateway",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.0"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.22.90"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.12.2"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.12.1"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.11.2"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.11.1"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.10.1"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.2.5"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.2.4"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.2.3"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.2.2"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.2.1"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.2"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.1.9"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.1.3-10"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.1.3"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.1.2"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.1.1"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.1"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.0.6"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.0.5"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.0.4"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.0.3"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.0.2"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.0.1"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.0"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.25"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.24"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.23"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.22"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.21"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.20"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.19"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.18"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.17"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.16"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.15"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.14.1"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.14"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.13"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.12"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.11.3"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.11"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.10"
      },
      {
        "model": "glibc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "2.1.3.10"
      },
      {
        "model": "cfengine",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "gnu",
        "version": "1.2.3"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux ia-30",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "6.0"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.7.2.3"
      },
      {
        "model": "web gateway",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.6.2.15"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "99127"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005209"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-808"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1000366"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:gnu:glibc",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:openstack:cloud_magnum_orchestration",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:opensuse_project:leap",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:suse:linux_enterprise_desktop",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:suse:linux_enterprise_for_sap",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:suse:suse_linux_enterprise_point_of_sale",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:suse:linux_enterprise_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:suse:linux_enterprise_server_for_raspberry_pi",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:suse:linux_enterprise_software_development_kit",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:suse:openstack_cloud",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux_aus",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux_eus",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux_long_life",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux_server_eus",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:redhat:enterprise_linux_server_tus",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005209"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "T. Weber",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "154361"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-808"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2017-1000366",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-1000366",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-100094",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2017-1000366",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-1000366",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-1000366",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-808",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-100094",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-100094"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005209"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-808"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1000366"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. glibc Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GNU glibc is prone to local memory-corruption vulnerability. \nAn attacker could exploit this  issue to execute arbitrary code in the  context of the application. \nGNU glibc 2.25 and prior versions are vulnerable. glibc (also known as GNU C Library, libc6) is an open source and free C language compiler released under the LGPL license agreement. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Important: glibc security update\nAdvisory ID:       RHSA-2017:1480-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2017:1480\nIssue date:        2017-06-19\nCVE Names:         CVE-2017-1000366 \n=====================================================================\n\n1. Summary:\n\nAn update for glibc is now available for Red Hat Enterprise Linux 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the name\nservice cache daemon (nscd) used by multiple programs on the system. \nWithout these libraries, the Linux system cannot function correctly. \n\nSecurity Fix(es):\n\n* A flaw was found in the way memory was being allocated on the stack for\nuser space binaries. If heap (or different memory region) and stack memory\nregions were adjacent to each other, an attacker could use this flaw to\njump over the stack guard gap, cause controlled memory corruption on\nprocess stack or the adjacent memory region, and thus increase their\nprivileges on the system. This is glibc-side mitigation which blocks\nprocessing of LD_LIBRARY_PATH for programs running in secure-execution mode\nand reduces the number of allocations performed by the processing of\nLD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of\nthis issue more difficult. (CVE-2017-1000366)\n\nRed Hat would like to thank Qualys Research Labs for reporting this issue. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the glibc library\nmust be restarted, or the system rebooted. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1452543 - CVE-2017-1000366 glibc: heap/stack gap jumping via unbounded stack allocations\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nglibc-2.12-1.209.el6_9.2.src.rpm\n\ni386:\nglibc-2.12-1.209.el6_9.2.i686.rpm\nglibc-common-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm\nglibc-devel-2.12-1.209.el6_9.2.i686.rpm\nglibc-headers-2.12-1.209.el6_9.2.i686.rpm\nglibc-utils-2.12-1.209.el6_9.2.i686.rpm\nnscd-2.12-1.209.el6_9.2.i686.rpm\n\nx86_64:\nglibc-2.12-1.209.el6_9.2.i686.rpm\nglibc-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-common-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-devel-2.12-1.209.el6_9.2.i686.rpm\nglibc-devel-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-headers-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-utils-2.12-1.209.el6_9.2.x86_64.rpm\nnscd-2.12-1.209.el6_9.2.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\ni386:\nglibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm\nglibc-static-2.12-1.209.el6_9.2.i686.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-static-2.12-1.209.el6_9.2.i686.rpm\nglibc-static-2.12-1.209.el6_9.2.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nglibc-2.12-1.209.el6_9.2.src.rpm\n\nx86_64:\nglibc-2.12-1.209.el6_9.2.i686.rpm\nglibc-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-common-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-devel-2.12-1.209.el6_9.2.i686.rpm\nglibc-devel-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-headers-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-utils-2.12-1.209.el6_9.2.x86_64.rpm\nnscd-2.12-1.209.el6_9.2.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nx86_64:\nglibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-static-2.12-1.209.el6_9.2.i686.rpm\nglibc-static-2.12-1.209.el6_9.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nglibc-2.12-1.209.el6_9.2.src.rpm\n\ni386:\nglibc-2.12-1.209.el6_9.2.i686.rpm\nglibc-common-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm\nglibc-devel-2.12-1.209.el6_9.2.i686.rpm\nglibc-headers-2.12-1.209.el6_9.2.i686.rpm\nglibc-utils-2.12-1.209.el6_9.2.i686.rpm\nnscd-2.12-1.209.el6_9.2.i686.rpm\n\nppc64:\nglibc-2.12-1.209.el6_9.2.ppc.rpm\nglibc-2.12-1.209.el6_9.2.ppc64.rpm\nglibc-common-2.12-1.209.el6_9.2.ppc64.rpm\nglibc-debuginfo-2.12-1.209.el6_9.2.ppc.rpm\nglibc-debuginfo-2.12-1.209.el6_9.2.ppc64.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.ppc.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.ppc64.rpm\nglibc-devel-2.12-1.209.el6_9.2.ppc.rpm\nglibc-devel-2.12-1.209.el6_9.2.ppc64.rpm\nglibc-headers-2.12-1.209.el6_9.2.ppc64.rpm\nglibc-utils-2.12-1.209.el6_9.2.ppc64.rpm\nnscd-2.12-1.209.el6_9.2.ppc64.rpm\n\ns390x:\nglibc-2.12-1.209.el6_9.2.s390.rpm\nglibc-2.12-1.209.el6_9.2.s390x.rpm\nglibc-common-2.12-1.209.el6_9.2.s390x.rpm\nglibc-debuginfo-2.12-1.209.el6_9.2.s390.rpm\nglibc-debuginfo-2.12-1.209.el6_9.2.s390x.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.s390.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.s390x.rpm\nglibc-devel-2.12-1.209.el6_9.2.s390.rpm\nglibc-devel-2.12-1.209.el6_9.2.s390x.rpm\nglibc-headers-2.12-1.209.el6_9.2.s390x.rpm\nglibc-utils-2.12-1.209.el6_9.2.s390x.rpm\nnscd-2.12-1.209.el6_9.2.s390x.rpm\n\nx86_64:\nglibc-2.12-1.209.el6_9.2.i686.rpm\nglibc-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-common-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-devel-2.12-1.209.el6_9.2.i686.rpm\nglibc-devel-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-headers-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-utils-2.12-1.209.el6_9.2.x86_64.rpm\nnscd-2.12-1.209.el6_9.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\ni386:\nglibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm\nglibc-static-2.12-1.209.el6_9.2.i686.rpm\n\nppc64:\nglibc-debuginfo-2.12-1.209.el6_9.2.ppc.rpm\nglibc-debuginfo-2.12-1.209.el6_9.2.ppc64.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.ppc.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.ppc64.rpm\nglibc-static-2.12-1.209.el6_9.2.ppc.rpm\nglibc-static-2.12-1.209.el6_9.2.ppc64.rpm\n\ns390x:\nglibc-debuginfo-2.12-1.209.el6_9.2.s390.rpm\nglibc-debuginfo-2.12-1.209.el6_9.2.s390x.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.s390.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.s390x.rpm\nglibc-static-2.12-1.209.el6_9.2.s390.rpm\nglibc-static-2.12-1.209.el6_9.2.s390x.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-static-2.12-1.209.el6_9.2.i686.rpm\nglibc-static-2.12-1.209.el6_9.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nglibc-2.12-1.209.el6_9.2.src.rpm\n\ni386:\nglibc-2.12-1.209.el6_9.2.i686.rpm\nglibc-common-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm\nglibc-devel-2.12-1.209.el6_9.2.i686.rpm\nglibc-headers-2.12-1.209.el6_9.2.i686.rpm\nglibc-utils-2.12-1.209.el6_9.2.i686.rpm\nnscd-2.12-1.209.el6_9.2.i686.rpm\n\nx86_64:\nglibc-2.12-1.209.el6_9.2.i686.rpm\nglibc-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-common-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-devel-2.12-1.209.el6_9.2.i686.rpm\nglibc-devel-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-headers-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-utils-2.12-1.209.el6_9.2.x86_64.rpm\nnscd-2.12-1.209.el6_9.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\ni386:\nglibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm\nglibc-static-2.12-1.209.el6_9.2.i686.rpm\n\nx86_64:\nglibc-debuginfo-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.i686.rpm\nglibc-debuginfo-common-2.12-1.209.el6_9.2.x86_64.rpm\nglibc-static-2.12-1.209.el6_9.2.i686.rpm\nglibc-static-2.12-1.209.el6_9.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-1000366\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/stackguard\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZSDWHXlSAg2UNWIIRAuhpAJ4uBm5IvSaX4vl7aeqKx4OoRTuvRgCdGBjo\nmaI5Dz0nZVRbUM/HVd/qJrI=\n=sa7X\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. For the full details, please refer to their advisory\npublished at:\nhttps://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt\n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 2.19-18+deb8u10. \n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 2.24-11+deb9u1. \n\nFor the unstable distribution (sid), this problem will be fixed soon. \n\nWe recommend that you upgrade your glibc packages. \n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n+--------------------------+\npatches/packages/glibc-2.23-i586-2_slack14.2.txz:  Rebuilt. \n  Applied upstream security hardening patches from git. \npatches/packages/glibc-profile-2.23-i586-2_slack14.2.txz:  Rebuilt. \n  (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project!  :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-2.23-i586-2_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-i18n-2.23-i586-2_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-profile-2.23-i586-2_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/glibc-solibs-2.23-i586-2_slack14.2.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-2.23-x86_64-2_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-i18n-2.23-x86_64-2_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-profile-2.23-x86_64-2_slack14.2.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/glibc-solibs-2.23-x86_64-2_slack14.2.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.25-i586-3.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.25-i586-3.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.25-i586-3.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.25-i586-3.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.25-x86_64-3.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.25-x86_64-3.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.25-x86_64-3.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.25-x86_64-3.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 14.2 packages:\n663f47dc7d0dfedb2ebf7c61d3f2272c  glibc-2.23-i586-2_slack14.2.txz\n078372f057f25a9208065ab79057e177  glibc-i18n-2.23-i586-2_slack14.2.txz\nf071cea4355537664e48208f4af62eaf  glibc-profile-2.23-i586-2_slack14.2.txz\nab57d435ca54b173a9e68f71212fc461  glibc-solibs-2.23-i586-2_slack14.2.txz\n\nSlackware x86_64 14.2 packages:\n1133b60a4c0ce35878a10bd4315fb648  glibc-2.23-x86_64-2_slack14.2.txz\n089ce46a9649272054b9677a545db1e2  glibc-i18n-2.23-x86_64-2_slack14.2.txz\n5ac5d520b831cd7f905302feab8d0e75  glibc-profile-2.23-x86_64-2_slack14.2.txz\nb8457b979d2a6652ce3c0362c2ec5638  glibc-solibs-2.23-x86_64-2_slack14.2.txz\n\nSlackware -current packages:\n4dc6a08ad5905dcab5dba980b57d6b84  a/glibc-solibs-2.25-i586-3.txz\n48c6c4a925eda4dc598470721edced9c  l/glibc-2.25-i586-3.txz\n1afd5bdb86c5450b1429e5c3ce7c8fd1  l/glibc-i18n-2.25-i586-3.txz\n55908b021b0fdf6f00027579b885eea0  l/glibc-profile-2.25-i586-3.txz\n\nSlackware x86_64 -current packages:\n1e479e2e03e837f66c95cacb2b7649f7  a/glibc-solibs-2.25-x86_64-3.txz\nec307efb44585984181c4fe0ce01ce30  l/glibc-2.25-x86_64-3.txz\n6503ac6fe173da8a2da47dcbd9c24bb1  l/glibc-i18n-2.25-x86_64-3.txz\n22bc7dc3ec5b8b2bc0ca7aa2226a3094  l/glibc-profile-2.25-x86_64-3.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the packages as root:\n# upgradepkg glibc-*.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list:                          |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message:                                                     |\n|                                                                        |\n|   unsubscribe slackware-security                                       |\n|                                                                        |\n| You will get a confirmation message back containing instructions to    |\n| complete the process.  Please do not reply to this email address. \n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201706-19\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: GNU C Library: Multiple vulnerabilities\n     Date: June 20, 2017\n     Bugs: #608698, #608706, #622220\n       ID: 201706-19\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the GNU C Library, the\nworst of which may allow execution of arbitrary code. \n\nBackground\n==========\n\nThe GNU C library is the standard C library used by Gentoo Linux\nsystems. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  sys-libs/glibc              \u003c 2.23-r4                 \u003e= 2.23-r4\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in the GNU C Library. \nPlease review the CVE identifiers and Qualys\u0027 security advisory\nreferenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll GNU C Library users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=sys-libs/glibc-2.23-r4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-5180\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5180\n[ 2 ] CVE-2016-6323\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6323\n[ 3 ] CVE-2017-1000366\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000366\n[ 4 ] Qualys Security Advisory - The Stack Clash\n      https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201706-19\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n\n\n--cxbO5eT2swQBqr8k9tc6wcfapgLAJb4xR--\n\n. SEC Consult Vulnerability Lab Security Advisory \u003c 20190904-0 \u003e\n=======================================================================\n              title: Multiple vulnerabilities\n            product: Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P,\n                     Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160,\n                     Cisco 160W\n vulnerable version: Cisco RV34X - 1.0.02.16, Cisco RV16X/26X - 1.0.00.15\n      fixed version: see \"Solution\"\n         CVE number: -\n             impact: High\n           homepage: https://www.cisco.com/\n              found: 2019-05-15\n                 by: T. Weber, S. Viehb\u00f6ck (Office Vienna)\n                     IoT Inspector\n                     SEC Consult Vulnerability Lab\n\n                     An integrated part of SEC Consult\n                     Europe | Asia | North America\n\n                     https://www.sec-consult.com\n\n=======================================================================\n\nVendor description:\n-------------------\n\"Securely connecting your small business to the outside world is as important\nas connecting your internal network devices to one another. Cisco Small\nBusiness RV Series Routers offer virtual private networking (VPN) technology\nso your remote workers can connect to your network through a secure Internet\npathway.\"\n\nSource: https://www.cisco.com/c/en/us/products/routers/small-business-rv-series-routers/index.html\n\n\nBusiness recommendation:\n------------------------\nWe want to thank Cisco for the very quick and professional response and great\ncoordination. Customers are urged to update the firmware of their devices. \n\n\nVulnerability overview/description:\n-----------------------------------\n1) Hardcoded Credentials\nThe device contains hardcoded users and passwords which can be used to login\nvia SSH on an emulated device at least. \n\nDuring the communication with Cisco it turned out that:\n\"Accounts like the \u0027debug-admin\u0027 and \u0027root\u0027 can not be accessed\nfrom console port, CLI or webui\". \nTherefore, these accounts had no real functionality and cannot be used for\nmalicious actions. The outdated version was found by IoT Inspector. One of\nthe discovered vulnerabilities (CVE-2015-7547, \"getaddrinfo() buffer overflow\")\nwas verified by using the MEDUSA scalable firmware runtime. \n\n3) Known BusyBox Vulnerabilities\nThe used BusyBox toolkit in version 1.23.2 is outdated and contains multiple\nknown vulnerabilities. The outdated version was found by IoT Inspector. \nOne of the discovered vulnerabilities (CVE-2017-16544) was verified by using\nthe MEDUSA scaleable firmware runtime. \n\n\n4) Multiple Vulnerabilities - IoT Inspector Report\nFurther information can be found in IoT Inspector report:\nhttps://r.sec-consult.com/ciscoiot\n\n\nProof of concept:\n-----------------\n1) Hardcoded Credentials\nThe following hardcoded hashes were found in the \u0027shadow\u0027 file of the firmware:\nroot:$1$hPNSjUZA$7eKqEpqVYltt9xJ6f0OGf0:15533:0:99999:7:::\ndebug-admin:$1$.AAm0iJ4$na9wZwly9pSrdS8MhcGKw/:15541:0:99999:7:::\n[...]\n\nThe undocumented user \u0027debug-admin\u0027 is also contained in this file. \n\nStarting the dropbear daemon as background process on emulated firmware:\n-------------------------------------------------------------------------------\n# dropbear -E\n# [1109] \u003ctimestamp\u003e Running in background\n#\n# [1112] \u003ctimestamp\u003e Child connection from \u003cIP\u003e:52718\n[1112] \u003ctimestamp\u003e /var must be owned by user or root, and not writable by others\n[1112] \u003ctimestamp\u003e Password auth succeeded for \u0027debug-admin\u0027 from \u003cIP\u003e:52718\n-------------------------------------------------------------------------------\n\nLog on via another host connected to the same network. For this PoC the\npassword of the debug-admin was changed in the \u0027shadow\u0027 file. \n-------------------------------------------------------------------------------\n[root@localhost medusa]# ssh debug-admin@\u003cIP\u003e /bin/ash -i\ndebug-admin@\u003cIP\u003e\u0027s password:\n/bin/ash: can\u0027t access tty; job control turned off\n\n\nBusyBox v1.23.2 (2018-11-21 18:22:56 IST) built-in shell (ash)\n\n/tmp $\n-------------------------------------------------------------------------------\n\nThe \u0027debug-admin\u0027 user has the same privileges like \u0027root\u0027. This can be\ndetermined from the corresponding sudoers file in the firmware:\n[...]\n## User privilege specification\n##\nroot ALL=(ALL) ALL\ndebug-admin ALL=(ALL) ALL\n\n## Uncomment to allow members of group wheel to execute any command\n# %wheel ALL=(ALL) ALL\n[...]\n\nDuring the communication with Cisco it turned out that:\n\"Accounts like the \u0027debug-admin\u0027 and \u0027root\u0027 can not be accessed\nfrom console port, CLI or webui\". \nTherefore, these accounts had no real functionality and cannot be used for\nmalicious actions. \n\nThe getaddrinfo() buffer overflow vulnerability was checked with the help of\nthe exploit code from https://github.com/fjserna/CVE-2015-7547. It was compiled\nand executed on the emulated device to test the system. \n\n# python cve-2015-7547-poc.py \u0026\n[1] 961\n# chroot /medusa_rootfs/ bin/ash\n\n\nBusyBox v1.23.2 (2018-11-21 18:22:56 IST) built-in shell (ash)\n\n# gdb cve-2015-7547_glibc_getaddrinfo\n[...]\n[UDP] Total Data len recv 36\n[UDP] Total Data len recv 36\nConnected with 127.0.0.1:41782\n[TCP] Total Data len recv 76\n[TCP] Request1 len recv 36\n[TCP] Request2 len recv 36\nCannot access memory at address 0x4\n\nProgram received signal SIGSEGV, Segmentation fault. \n0x76f1fd58 in ?? () from /lib/libc.so.6\n(gdb)\n\nReferences:\nhttps://security.googleblog.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html\nhttps://github.com/fjserna/CVE-2015-7547\n\n\n3) Known BusyBox Vulnerabilities\nBusyBox version 1.23.2 contains multiple CVEs like:\nCVE-2016-2148, CVE-2016-6301, CVE-2015-9261, CVE-2016-2147, CVE-2018-20679,\nCVE-2017-16544 and CVE-2019-5747. \nThe BusyBox shell autocompletion vulnerability (CVE-2017-16544) was verified on\nan emulated device:\n\nA file with the name \"\\ectest\\n\\e]55;test.txt\\a\" was created to trigger the\nvulnerability. \n-------------------------------------------------------------------------------\n# ls \"pressing \u003cTAB\u003e\"\ntest\n]55;test.txt\n#\n-------------------------------------------------------------------------------\n\n4) Multiple Vulnerabilities - IoT Inspector Report\nFurther information can be found in IoT Inspector report:\nhttps://r.sec-consult.com/ciscoiot\n\nThe summary is below:\nIoT Inspector Vulnerability #1 BusyBox CVE entries\nOutdated BusyBox version is affected by 7 published CVEs. \n\nIoT Inspector Vulnerability #2 curl CVE entries\nOutdated curl version is affected by 35 published CVEs. \n\nIoT Inspector Vulnerability #5 Hardcoded password hashes\nFirmware contains multiple hardcoded credentials. \n\nIoT Inspector Vulnerability #6 Linux Kernel CVE entries\nOutdated Linux Kernel version affected by 512 published CVEs. \n\nIoT Inspector Vulnerability #7 MiniUPnPd CVE entries\nOutdated MiniUPnPd version affected by 2 published CVEs. \n\nIoT Inspector Vulnerability #8 Dnsmasq CVE entries\nOutdated MiniUPnPd version affected by 1 published CVE. \n\nIoT Inspector Vulnerability #9 Linux Kernel Privilege Escalation \u201cpp_key\u201d\nOutdated Linux Kernel version is affected by CVE-2015-7547. \n\nIoT Inspector Vulnerability #10 OpenSSL CVE entries\nOutdated OpenSSL  version affected by 6 published CVEs. \n\n\nVulnerable / tested versions:\n-----------------------------\nThe following firmware versions have been tested with IoT Inspector and\nfirmware emulation techniques:\nCisco RV340  / 1.0.02.16\nCisco RV340W / 1.0.02.16\nCisco RV345  / 1.0.02.16\nCisco RV345P / 1.0.02.16\nThe following firmware versions have been tested with IoT Inspector only:\nCisco RV260  / 1.0.00.15\nCisco RV260P / 1.0.00.15\nCisco RV260W / 1.0.00.15\nCisco RV160  / 1.0.00.15\nCisco RV160P / 1.0.00.15\n\nThe firmware was obtained from the vendor website:\nhttps://software.cisco.com/download/home/286287791/type/282465789/release/1.0.02.16\nhttps://software.cisco.com/download/home/286316464/type/282465789/release/1.0.00.15\n\n\nVendor contact timeline:\n------------------------\n2019-05-15: Contacting vendor through psirt@cisco.com. \n2019-05-16: Vendor confirmed the receipt. \n2019-05-2019-08: Periodic updates about the investigation from the vendor. \n            Clarification which of the reported issues will be fixed. \n2019-08-20: The vendor proposed the next possible publication date for the\n            advisory for 2019-09-04. The vendor added the RV160 and RV260\n            router series to be vulnerable to the same issues too. \n2019-09-04: Coordinated advisory release. \n\n\nSolution:\n---------\nUpgrade to the newest available firmware version. \n\nAdditionally, the vendor provides the following security notice:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-sb-vpnrouter\n\n\nWorkaround:\n-----------\nNone. \n\n\nAdvisory URL:\n-------------\nhttps://www.sec-consult.com/en/vulnerability-lab/advisories/index.html\n\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nSEC Consult Vulnerability Lab\n\nSEC Consult\nEurope | Asia | North America\n\nAbout SEC Consult Vulnerability Lab\nThe SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It\nensures the continued knowledge gain of SEC Consult in the field of network\nand application security to stay ahead of the attacker. The SEC Consult\nVulnerability Lab supports high-quality penetration testing and the evaluation\nof new offensive and defensive technologies for our customers. Hence our\ncustomers obtain the most current information about vulnerabilities and valid\nrecommendation about the risk profile of new technologies. \n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nInterested to work with the experts of SEC Consult?\nSend us your application https://www.sec-consult.com/en/career/index.html\n\nInterested in improving your cyber security with the experts of SEC Consult?\nContact our local offices https://www.sec-consult.com/en/contact/index.html\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nMail: research at sec-consult dot com\nWeb: https://www.sec-consult.com\nBlog: http://blog.sec-consult.com\nTwitter: https://twitter.com/sec_consult\n\nEOF T. Weber / @2019\n\n. 7) - x86_64\n\n3. Description:\n\nRed Hat 3scale API Management Platform 2.0 is a platform for the management\nof access and traffic for web-based APIs across a variety of deployment\noptions. \n\nSecurity Fix(es):\n\n* It was found that RH-3scale AMP would permit creation of an access token\nwithout a client secret. An attacker could use this flaw to circumvent\nauthentication controls and gain access to restricted APIs. (CVE-2017-7512)\n\nThe underlying container image was also rebuilt to resolve other security\nissues. Solution:\n\nTo apply this security fix, use the updated docker images. Bugs fixed (https://bugzilla.redhat.com/):\n\n1457997 - CVE-2017-7512 3scale AMP: validation bypass in oauth\n\n5",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-1000366"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005209"
      },
      {
        "db": "BID",
        "id": "99127"
      },
      {
        "db": "VULHUB",
        "id": "VHN-100094"
      },
      {
        "db": "PACKETSTORM",
        "id": "143001"
      },
      {
        "db": "PACKETSTORM",
        "id": "142992"
      },
      {
        "db": "PACKETSTORM",
        "id": "143225"
      },
      {
        "db": "PACKETSTORM",
        "id": "143033"
      },
      {
        "db": "PACKETSTORM",
        "id": "154361"
      },
      {
        "db": "PACKETSTORM",
        "id": "143005"
      },
      {
        "db": "PACKETSTORM",
        "id": "143264"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-100094",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-100094"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-1000366",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "99127",
        "trust": 2.0
      },
      {
        "db": "MCAFEE",
        "id": "SB10205",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "154361",
        "trust": 1.8
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42274",
        "trust": 1.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42276",
        "trust": 1.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "42275",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1038712",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005209",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-808",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3313",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "143001",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "142992",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "143005",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "143225",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "142990",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143205",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143207",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "142999",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143196",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143201",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-100094",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143033",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "143264",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-100094"
      },
      {
        "db": "BID",
        "id": "99127"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005209"
      },
      {
        "db": "PACKETSTORM",
        "id": "143001"
      },
      {
        "db": "PACKETSTORM",
        "id": "142992"
      },
      {
        "db": "PACKETSTORM",
        "id": "143225"
      },
      {
        "db": "PACKETSTORM",
        "id": "143033"
      },
      {
        "db": "PACKETSTORM",
        "id": "154361"
      },
      {
        "db": "PACKETSTORM",
        "id": "143005"
      },
      {
        "db": "PACKETSTORM",
        "id": "143264"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-808"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1000366"
      }
    ]
  },
  "id": "VAR-201706-0334",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-100094"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-29T21:45:09.811000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CVE-2017-1000366",
        "trust": 0.8,
        "url": "https://access.redhat.com/security/cve/CVE-2017-1000366"
      },
      {
        "title": "CVE-2017-1000366",
        "trust": 0.8,
        "url": "https://www.suse.com/security/cve/CVE-2017-1000366/"
      },
      {
        "title": "SUSE products and a new security bug class referred to as \"Stack Clash\".",
        "trust": 0.8,
        "url": "https://www.suse.com/support/kb/doc/?id=7020973"
      },
      {
        "title": "glibc Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71084"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005209"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-808"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-100094"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005209"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1000366"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/99127"
      },
      {
        "trust": 2.3,
        "url": "https://access.redhat.com/security/cve/cve-2017-1000366"
      },
      {
        "trust": 2.3,
        "url": "http://www.debian.org/security/2017/dsa-3887"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/154361/cisco-device-hardcoded-credentials-gnu-glibc-busybox.html"
      },
      {
        "trust": 2.2,
        "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"
      },
      {
        "trust": 1.9,
        "url": "https://access.redhat.com/errata/rhsa-2017:1481"
      },
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/201706-19"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2017:1480"
      },
      {
        "trust": 1.8,
        "url": "https://access.redhat.com/errata/rhsa-2017:1712"
      },
      {
        "trust": 1.7,
        "url": "https://seclists.org/bugtraq/2019/sep/7"
      },
      {
        "trust": 1.7,
        "url": "https://www.suse.com/security/cve/cve-2017-1000366/"
      },
      {
        "trust": 1.7,
        "url": "https://www.suse.com/support/kb/doc/?id=7020973"
      },
      {
        "trust": 1.7,
        "url": "https://www.exploit-db.com/exploits/42274/"
      },
      {
        "trust": 1.7,
        "url": "https://www.exploit-db.com/exploits/42275/"
      },
      {
        "trust": 1.7,
        "url": "https://www.exploit-db.com/exploits/42276/"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2019/sep/7"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2017:1479"
      },
      {
        "trust": 1.7,
        "url": "https://access.redhat.com/errata/rhsa-2017:1567"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1038712"
      },
      {
        "trust": 1.6,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10205"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000366"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-1000366"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/docview.wss?uid=ibm10960426"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/support/docview.wss?uid=ibm10887793"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3313/"
      },
      {
        "trust": 0.6,
        "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10960426"
      },
      {
        "trust": 0.3,
        "url": "https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=efa26d9c13a6fabd34a05139e1d8b2e441b2fae9"
      },
      {
        "trust": 0.3,
        "url": "http://www.gnu.org/software/libc/"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452543"
      },
      {
        "trust": 0.3,
        "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=cve-2017-1000366"
      },
      {
        "trust": 0.3,
        "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinjul2017-3832368.html"
      },
      {
        "trust": 0.3,
        "url": "https://www.oracle.com/technetwork/topics/security/ovmbulletinjul2017-3832369.html"
      },
      {
        "trust": 0.3,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10205\u0026actp=null\u0026viewlocale=en_us\u0026showdraft=false\u0026platinum_status=false\u0026locale=en_us"
      },
      {
        "trust": 0.3,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/vulnerabilities/stackguard"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10205"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=46703a3995aa3ca2b816814aa4ad05ed524194dd"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com"
      },
      {
        "trust": 0.1,
        "url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=adc7e06fb412a2a1ee52f8cb788caf436335b9f3"
      },
      {
        "trust": 0.1,
        "url": "http://osuosl.org)"
      },
      {
        "trust": 0.1,
        "url": "http://slackware.com/gpg-key"
      },
      {
        "trust": 0.1,
        "url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=3c7cd21290cabdadd72984fb69bc51e64ff1002d"
      },
      {
        "trust": 0.1,
        "url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=c69d4a0f680a24fdbe323764a50382ad324041e9"
      },
      {
        "trust": 0.1,
        "url": "https://sourceware.org/git/?p=glibc.git;a=commit;h=3776f38fcd267c127ba5eb222e2c614c191744aa"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-6323"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5180"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2017-1000366"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6323"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5180"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://github.com/fjserna/cve-2015-7547"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-6301"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-1472"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisco.com/c/en/us/products/routers/small-business-rv-series-routers/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://r.sec-consult.com/ciscoiot"
      },
      {
        "trust": 0.1,
        "url": "https://security.googleblog.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/fjserna/cve-2015-7547."
      },
      {
        "trust": 0.1,
        "url": "https://www.sec-consult.com/en/career/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisco.com/"
      },
      {
        "trust": 0.1,
        "url": "https://www.sec-consult.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9402"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-5277"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8778"
      },
      {
        "trust": 0.1,
        "url": "https://twitter.com/sec_consult"
      },
      {
        "trust": 0.1,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190904-sb-vpnrouter"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8779"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-9261"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7547"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2147"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9984"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-9761"
      },
      {
        "trust": 0.1,
        "url": "http://blog.sec-consult.com"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4043"
      },
      {
        "trust": 0.1,
        "url": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16544"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2148"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20679"
      },
      {
        "trust": 0.1,
        "url": "https://software.cisco.com/download/home/286316464/type/282465789/release/1.0.00.15"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5747"
      },
      {
        "trust": 0.1,
        "url": "https://www.sec-consult.com/en/contact/index.html"
      },
      {
        "trust": 0.1,
        "url": "https://software.cisco.com/download/home/286287791/type/282465789/release/1.0.02.16"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2017:1484"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-7512"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2017:1365"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-1000364"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7502"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7512"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-1000364"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-7502"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-100094"
      },
      {
        "db": "BID",
        "id": "99127"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005209"
      },
      {
        "db": "PACKETSTORM",
        "id": "143001"
      },
      {
        "db": "PACKETSTORM",
        "id": "142992"
      },
      {
        "db": "PACKETSTORM",
        "id": "143225"
      },
      {
        "db": "PACKETSTORM",
        "id": "143033"
      },
      {
        "db": "PACKETSTORM",
        "id": "154361"
      },
      {
        "db": "PACKETSTORM",
        "id": "143005"
      },
      {
        "db": "PACKETSTORM",
        "id": "143264"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-808"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1000366"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-100094"
      },
      {
        "db": "BID",
        "id": "99127"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005209"
      },
      {
        "db": "PACKETSTORM",
        "id": "143001"
      },
      {
        "db": "PACKETSTORM",
        "id": "142992"
      },
      {
        "db": "PACKETSTORM",
        "id": "143225"
      },
      {
        "db": "PACKETSTORM",
        "id": "143033"
      },
      {
        "db": "PACKETSTORM",
        "id": "154361"
      },
      {
        "db": "PACKETSTORM",
        "id": "143005"
      },
      {
        "db": "PACKETSTORM",
        "id": "143264"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-808"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-1000366"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-100094"
      },
      {
        "date": "2017-06-19T00:00:00",
        "db": "BID",
        "id": "99127"
      },
      {
        "date": "2017-07-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005209"
      },
      {
        "date": "2017-06-19T23:54:48",
        "db": "PACKETSTORM",
        "id": "143001"
      },
      {
        "date": "2017-06-19T23:53:10",
        "db": "PACKETSTORM",
        "id": "142992"
      },
      {
        "date": "2017-07-03T18:49:28",
        "db": "PACKETSTORM",
        "id": "143225"
      },
      {
        "date": "2017-06-20T22:26:23",
        "db": "PACKETSTORM",
        "id": "143033"
      },
      {
        "date": "2019-09-04T18:32:22",
        "db": "PACKETSTORM",
        "id": "154361"
      },
      {
        "date": "2017-06-19T23:55:23",
        "db": "PACKETSTORM",
        "id": "143005"
      },
      {
        "date": "2017-07-06T20:26:00",
        "db": "PACKETSTORM",
        "id": "143264"
      },
      {
        "date": "2017-06-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-808"
      },
      {
        "date": "2017-06-19T16:29:00.310000",
        "db": "NVD",
        "id": "CVE-2017-1000366"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-100094"
      },
      {
        "date": "2017-09-05T20:13:00",
        "db": "BID",
        "id": "99127"
      },
      {
        "date": "2017-07-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-005209"
      },
      {
        "date": "2019-09-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-808"
      },
      {
        "date": "2024-11-21T03:04:33.363000",
        "db": "NVD",
        "id": "CVE-2017-1000366"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "99127"
      },
      {
        "db": "PACKETSTORM",
        "id": "142992"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-808"
      }
    ],
    "trust": 1.0
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "glibc Buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-005209"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-808"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.