BDU:2017-00284

BDU

MediumConfirmedExploit available

Уязвимость функции elf_get_dynamic_info (elf/dynamic-link.h) модуля ld.so библиотеки, обеспечивающей системные вызовы и основные функции, g…

CVSS

5.1

Medium

EPSS

0.00

Published

2017-01-01

Updated

2017-01-01

Description

Уязвимость функции elf_get_dynamic_info (elf/dynamic-link.h) модуля ld.so библиотеки, обеспечивающей системные вызовы и основные функции, glibc связана с целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код с помощью специально сформированной ELF-программы, содержащей отрицательное значение для определенного элемента структуры d_tag в ELF-заголовке

Affected products

Huawei technologies co., ltd. Usg6330The gnu project Glibc

CVSS vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Timeline

2017-01-01

Published

2017-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: H

High (H)

Authentication

Au: N

None (N)

Confidentiality Impact

C: P

Partial

Integrity Impact

I: P

Partial

Availability Impact

A: P

Partial

Exploit indicators

EPSS

0.000 · p0

Known exploited (KEV)

Known exploits — Сканер-ВС

15274

exploitdb · https://www.exploit-db.com/exploits/15274

Enterprise

15304

exploitdb · https://www.exploit-db.com/exploits/15304

Enterprise

17120

exploitdb · https://www.exploit-db.com/exploits/17120

Enterprise

18105

exploitdb · https://www.exploit-db.com/exploits/18105

Enterprise

31550

exploitdb · https://www.exploit-db.com/exploits/31550

Enterprise

33230

exploitdb · https://www.exploit-db.com/exploits/33230

Enterprise

36404

exploitdb · https://www.exploit-db.com/exploits/36404

Enterprise

44024

exploitdb · https://www.exploit-db.com/exploits/44024

Enterprise

44025

exploitdb · https://www.exploit-db.com/exploits/44025

Enterprise

CVE-2010-3847

github-poc · https://github.com/magisterquis/cve-2010-3847

Enterprise

Affected software

Product	Vendor	Status
usg6330	huawei technologies co., ltd.	Tracked
glibc	the gnu project	Tracked

Source databases

BDU

Related vulnerabilities

CVE-2010-0830

External references

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0830@http://ubuntu.com/usn/usn-944-1@http://www.mandriva.com/security/advisories?name=MDVSA-2010:111@http://www.mandriva.com/security/advisories?name=MDVSA-2010:112@http://www.debian.org/security/dsa-2058/@http://www.gentoo.org/security/en/glsa/glsa-201011-01.xml@https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html@http://www.securitytracker.com/id/1024044@http://www.securityfocus.com/bid/40063@http://drosenbe.blogspot.com/2010/05/integer-overflow-in-ldso-cve-2010-0830.html@http://frugalware.org/security/662@http://security.gentoo.org/glsa/glsa-201011-01.xml@http://securitytracker.com/id?1024044@http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5@http://www.debian.org/security/2010/dsa-2058@http://www.mandriva.com/security/advisories?name=MDVSA-2010:111@http://www.mandriva.com/security/advisories?name=MDVSA-2010:112@http://www.securityfocus.com/bid/40063@http://www.ubuntu.com/usn/USN-944-1@http://www.vupen.com/english/advisories/2010/1246@http://xforce.iss.net/xforce/xfdb/58915@https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html