Bug 386315 - sys-libs/glibc: Unspecified vulnerability (CVE-2010-3192)
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: A3 [upstream]
Reported: 2011-10-08 14:07 UTC by GLSAMaker/CVETool Bot
Modified: 2012-04-13 23:41 UTC

Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 14:07:56 UTC
CVE-2010-3192 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3192):
  Certain run-time memory protection mechanisms in the GNU C Library (aka
  glibc or libc6) print argv[0] and backtrace information, which might allow
  context-dependent attackers to obtain sensitive information from process
  memory by executing an incorrect program, as demonstrated by a setuid
  program that contains a stack-based buffer overflow error, related to the
  __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail
  (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations.
Comment 1 SpanKY gentoo-dev 2012-04-13 23:41:34 UTC
i'm not interested in "information leakage" wrt argv[0] and/or the backtrace (which are just symbols+addresses)