CVE-2013-4788

Priority
Low
Description
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6)
2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the
random value for the pointer guard, which makes it easier for
context-dependent attackers to control execution flow by leveraging a
buffer-overflow vulnerability in an application and using the known zero
value pointer guard to calculate a pointer address.
References
Bugs
Notes
 jdstrand> PoC in linux-distros@ (tested on Ubuntu 12.04, 13.04 and Debian 7.1)
 jdstrand> Only statically compiled executables, dynamic not affected
 jdstrand> upstream patch not available as of 2013-07-12
 sarnold> PTR_MANGLE is a security-hardening feature; exploiting this flaw
  requires a flaw in a statically linked executable that allows write
  access to one of the types of pointers that is mangled. Fixing the
  consequences of this flaw requires rebuilding all security-sensitive
  statically linked executables.
 mdeslaur> fix for this was reverted in saucy as it was causing the ARM
 mdeslaur> testsuite to fail.
 sbeattie> fix was re-enabled in trusty with the addition of the
  patches/any/cvs-CVE-2013-4788-static-ptrguard-arm.diff patch.
 mdeslaur> we will not be fixing this issue for earlier releases.
Package
Upstream:needed
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (2.18-0ubuntu1)
Patches:
Patch:http://hmarco.org/bugs/patches/ptr_mangle-eglibc-2.17.patch
Upstream:https://sourceware.org/git/?p=glibc.git;a=commit;h=c61b4d41c9647a54a329aa021341c0eb032b793e
Upstream:https://sourceware.org/git/?p=glibc.git;a=commit;h=0b1f8e35640f5b3f7af11764ade3ff060211c309
Upstream:https://sourceware.org/git/?p=glibc.git;a=commit;h=5ebbff8fd1529aec13ac4d2906c1a36f3e738519
More Information

Updated: 2018-06-26 04:53:03 UTC (commit 7799c934cca373482531a7b00e4dfe82302ceae5)