[Security] CVE-2017-1000366 Vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack

Created: 2017-08-09 07:19:22 UTC

Modified: 2017-08-16 16:43:33 UTC

Applicable to:

  • Plesk for Linux

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution.

The vulnerability affects glibc 2.25 and earlier.

For more information, please refer to the following resource:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000366

Resolution

  • Connect to the server using SSH

  • Update the glibc package to a version later than 2.25:

    # yum update glibc