Not to be fixed
Created: Oct 16, 2013
Updated: Mar 5, 2016
Resolved Date: Jul 6, 2014
Previous ID: LIN3-24863
Found In Version: 6.0
Severity: Standard
Applicable for: Wind River Linux 6
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17 and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.Additional information that was taken into consideration while scoring:
https://bugzilla.redhat.com/show_bug.cgi?id=985625
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4788
Unknown
Unknown