| Summary: | <sys-libs/glibc-2.19-r1: PTR_MANGLE does not initialize to a random value for the pointer guard when compiling static executables (CVE-2013-4788) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | sudormrfhalt, toolchain |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://sourceware.org/bugzilla/show_bug.cgi?id=15754 | | |
| See Also: | http://sourceware.org/bugzilla/show_bug.cgi?id=15754 https://bugzilla.redhat.com/show_bug.cgi?id=985625 | | |
| Whiteboard: | A1 [glsa cleanup] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 518364 | | |
| Bug Blocks: | | | |
| Attachments: | | | |

Description
Agostino Sarubbo
2013-07-18 19:05:07 UTC
CVE-2013-4788 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4788): The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17 and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.

I've cherry-picked this into the glibc-2.18 patchset

Created attachment 381676
glibc-rh985625-CVE-2013-4788.patch

Comment on attachment 381676
glibc-rh985625-CVE-2013-4788.patch
(In reply to Andrey Ovcharov from comment #3)
We don't deal in random patches ... just links to the upstream git repo

Maintainer(s), please drop the vulnerable version(s).

Added to an existing GLSA Request.

This issue was resolved and addressed in GLSA 201503-04 at http://security.gentoo.org/glsa/glsa-201503-04.xml by GLSA coordinator Kristian Fiskerstrand (K_F).
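
Why a zero pointer guard matters, as an added example that is not part of this bug report or of glibc's source: the sketch assumes the x86-64 mangling scheme (XOR with the per-process guard, then rotate left by 17 bits), which the report itself does not spell out. The sample address and the non-zero guard are constructed values.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption of this example: x86-64 style mangling, i.e. XOR with the
 * per-process guard followed by a 17-bit left rotation. */
#define GUARD_ROT 17

static uint64_t rol64(uint64_t v, unsigned r) { return (v << r) | (v >> (64 - r)); }
static uint64_t ror64(uint64_t v, unsigned r) { return (v >> r) | (v << (64 - r)); }

/* What gets stored in place of a raw code pointer. */
uint64_t ptr_mangle(uint64_t ptr, uint64_t guard)
{
    return rol64(ptr ^ guard, GUARD_ROT);
}

/* What the library does before jumping through the stored value. */
uint64_t ptr_demangle(uint64_t stored, uint64_t guard)
{
    return ror64(stored, GUARD_ROT) ^ guard;
}

/* Returns 1 when the stored form can be decoded with the public rotation
 * alone, meaning the guard contributes no secret to the protection. */
int decodable_without_guard(uint64_t ptr, uint64_t guard)
{
    return ror64(ptr_mangle(ptr, guard), GUARD_ROT) == ptr;
}

int main(void)
{
    const uint64_t ptr = 0x0000000000401136ULL;      /* constructed address */
    const uint64_t guards[2] = {
        0,                                           /* guard never initialized */
        0x5bd1e995a3c4f27dULL                        /* constructed random guard */
    };

    for (int i = 0; i < 2; i++) {
        uint64_t stored = ptr_mangle(ptr, guards[i]);
        printf("guard=%016llx stored=%016llx round-trip=%s guard-less decode=%s\n",
               (unsigned long long)guards[i], (unsigned long long)stored,
               ptr_demangle(stored, guards[i]) == ptr ? "ok" : "FAIL",
               decodable_without_guard(ptr, guards[i]) ? "yes" : "no");
    }
    return 0;
}
```

With the guard left at zero the stored value is only a fixed rotation of the pointer, so the mangling hides nothing; with a per-process random guard the same decode yields an unrelated value.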