Wind River Support Network

HomeDefectsLIN6-5327
Not to be fixed

LIN6-5327 : Security Advisory - glibc - CVE-2013-4788

Created: Oct 16, 2013    Updated: Mar 5, 2016
Resolved Date: Jul 6, 2014
Previous ID: LIN3-24863
Found In Version: 6.0
Severity: Standard
Applicable for: Wind River Linux 6

Description

The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17 and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.Additional information that was taken into consideration while scoring:

https://bugzilla.redhat.com/show_bug.cgi?id=985625

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4788

Workaround

Unknown

Steps to Reproduce

Unknown
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube