
Bug 386315

Summary: sys-libs/glibc: Unspecified vulnerability (CVE-2010-3192)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED WONTFIX
Severity: normal
CC: hardened, toolchain
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: A3 [upstream]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 14:07:56 UTC
CVE-2010-3192 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3192):
  Certain run-time memory protection mechanisms in the GNU C Library (aka
  glibc or libc6) print argv[0] and backtrace information, which might allow
  context-dependent attackers to obtain sensitive information from process
  memory by executing an incorrect program, as demonstrated by a setuid
  program that contains a stack-based buffer overflow error, related to the
  __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail
  (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations.

Comment 1 SpanKY gentoo-dev 2012-04-13 23:41:34 UTC
i'm not interested in "information leakage" wrt argv[0] and/or the backtrace (which are just symbols+addresses)