Wind River Support Network

HomeDefectsLIN5-13515
Fixed

LIN5-13515 : Security Advisory - glibc - CVE-2013-4788

Created: Oct 16, 2013    Updated: Dec 19, 2017
Resolved Date: Dec 16, 2013
Previous ID: LIN3-24859
Found In Version: 5.0
Fix Version: 5.0.1.11
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17 and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.Additional information that was taken into consideration while scoring:

https://bugzilla.redhat.com/show_bug.cgi?id=985625

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4788

Workaround

Unknown

Steps to Reproduce

Unknown

Other Downloads


Live chat
Online