Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-16997

EPSS 1.13% · P79
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-16997

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
GNU C Library 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GNU C Library(glibc,libc6)是一种按照LGPL许可协议发布的开源免费的C语言编译程序。 GNU C Library 2.19版本至2.26版本中的elf/dl-load.c文件存在代码问题漏洞。该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-glibc 2.19 through 2.26 glibc 2.19 through 2.26 -

II. Public POCs for CVE-2017-16997

#POC DescriptionSource LinkShenlong Link
1A proof-of-concept for CVE-2017-16997https://github.com/Xiami2012/CVE-2017-16997-pocPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2017-16997

登录查看更多情报信息。

Same Patch Batch · n/a · 2017-12-18 · 27 CVEs total

CVE-2017-17649PHP Scripts Mall Readymade Video Sharing Script 安全漏洞
CVE-2017-17733Maccms 安全漏洞
CVE-2017-17731Desdev DedeCMS SQL注入漏洞
CVE-2017-17730Desdev DedeCMS SQL注入漏洞
CVE-2017-17727Desdev DedeCMS 安全漏洞
CVE-2017-17740OpenLDAP 安全漏洞
CVE-2017-17739BrightSign Digital Signage(4k242)路径遍历漏洞
CVE-2017-17738BrightSign Digital Signage(4k242)安全漏洞
CVE-2017-17737BrightSign Digital Signage(4k242)跨站脚本漏洞
CVE-2017-17735CMS Made Simple 安全漏洞
CVE-2017-17734CMS Made Simple 信息泄露漏洞
CVE-2017-17741Linux kernel 安全漏洞
CVE-2017-17651PHP Scripts Mall Paid To Read Script SQL注入漏洞
CVE-2017-11562MT4 Networks SenhaSegura Web Application 安全漏洞
CVE-2017-17645Bus Booking Script SQL注入漏洞
CVE-2017-17643FS Lynda Clone SQL注入漏洞
CVE-2017-14583NetApp Clustered Data ONTAP 安全漏洞
CVE-2017-17721ZUUSE BEIMS ContractorWeb .NET SQL注入漏洞
CVE-2017-17107Zivif PR115-204-P-RS 安全漏洞
CVE-2017-17106Zivif PR115-204-P-RS 安全漏洞

Showing top 20 of 27 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: n/a

V. Comments for CVE-2017-16997

No comments yet

Leave a comment