CVE-2013-4788
Published: 4 October 2013
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.
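The description above turns on one arithmetic fact: glibc's PTR_MANGLE is a fixed transform (xor with the per-process pointer guard, then a rotate) and with a guard of zero the xor does nothing, so anyone who can write into a mangled slot can compute the exact bytes that demangle to an address of their choosing. The following C program is an added illustration, not glibc code and not the PoC mentioned in the notes below. It reimplements the x86_64 mangle/demangle pair (rotate by 17; i386 uses 9), shows a forgery computed under the zero-guard assumption succeeding against guard == 0 and failing against a random guard, and, on a live x86_64 Linux process, reads the real guard from `%fs:0x30` (`tcbhead_t.pointer_guard`), which is the quickest way to check whether a given static binary is affected. The target address and the "random" guard value are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* 64-bit rotates; n must be in 1..63. */
static uint64_t rol64(uint64_t v, unsigned n) { return (v << n) | (v >> (64 - n)); }
static uint64_t ror64(uint64_t v, unsigned n) { return (v >> n) | (v << (64 - n)); }

/* Same transform as glibc's x86_64 PTR_MANGLE: xor with the per-process pointer
 * guard, then rotate left by 17 (2*LP_SIZE+1 with LP_SIZE == 8). On i386 the
 * rotation is 9 instead; the logic is otherwise identical. */
uint64_t ptr_mangle(uint64_t ptr, uint64_t guard)
{
    return rol64(ptr ^ guard, 17);
}

/* PTR_DEMANGLE is the inverse: rotate right by 17, then xor with the guard. */
uint64_t ptr_demangle(uint64_t mangled, uint64_t guard)
{
    return ror64(mangled, 17) ^ guard;
}

/* Attacker side. The attacker has a write into a mangled pointer slot (a saved
 * jmp_buf PC, an atexit handler, ...) and knows where it wants control to go,
 * but not the guard. Mangling with guard == 0 is exactly right for a static
 * binary built against an affected glibc. */
uint64_t forge_mangled_pointer(uint64_t target)
{
    return ptr_mangle(target, 0);
}

/* Victim side: demangle the slot with the real guard and return the address
 * control would transfer to. */
uint64_t victim_resolve(uint64_t slot, uint64_t real_guard)
{
    return ptr_demangle(slot, real_guard);
}

/* True if the attacker's forged slot lands exactly on the target. */
bool forgery_succeeds(uint64_t target, uint64_t real_guard)
{
    return victim_resolve(forge_mangled_pointer(target), real_guard) == target;
}

#if defined(__x86_64__) && defined(__linux__)
/* Runtime check on a live x86_64 glibc process: the pointer guard sits in the
 * TCB at %fs:0x30 (tcbhead_t.pointer_guard). A static binary affected by
 * CVE-2013-4788 reads back zero here. */
uint64_t read_live_pointer_guard(void)
{
    uint64_t g;
    __asm__ volatile("movq %%fs:0x30, %0" : "=r"(g));
    return g;
}
#endif

int main(void)
{
    const uint64_t target = 0x401136ULL;               /* constructed: address the attacker wants */
    const uint64_t real_guard = 0x7a3b9c1d5e2f4a60ULL; /* constructed: a properly initialised guard */

    printf("guard == 0: forged slot 0x%llx, forgery %s\n",
           (unsigned long long)forge_mangled_pointer(target),
           forgery_succeeds(target, 0) ? "succeeds" : "fails");
    printf("random guard: control would go to 0x%llx, forgery %s\n",
           (unsigned long long)victim_resolve(forge_mangled_pointer(target), real_guard),
           forgery_succeeds(target, real_guard) ? "succeeds" : "fails");
#if defined(__x86_64__) && defined(__linux__)
    printf("this process's pointer guard: 0x%llx%s\n",
           (unsigned long long)read_live_pointer_guard(),
           read_live_pointer_guard() == 0 ? " (ZERO: PTR_MANGLE protects nothing)" : "");
#endif
    return 0;
}
```

With a non-zero guard the forged slot resolves to `target ^ guard`, i.e. an attacker who does not know the guard is off by an unpredictable 64-bit value. Build the program twice, once normally and once with `-static` against the glibc under test: only the static build exercises the code path the advisory describes, and a zero printed by the live check there is the symptom to look for.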
Notes
Author | Note |
---|---|
jdstrand | PoC in linux-distros@ (tested on Ubuntu 12.04, 13.04 and Debian 7.1). Only statically compiled executables; dynamic not affected. Upstream patch not available as of 2013-07-12. |
seth-arnold | PTR_MANGLE is a security-hardening feature; exploiting this flaw requires a flaw in a statically linked executable that allows write access to one of the types of pointers that is mangled. Fixing the consequences of this flaw requires rebuilding all security-sensitive statically linked executables. |
mdeslaur | Fix for this was reverted in saucy as it was causing the ARM testsuite to fail. |
sbeattie | Fix was re-enabled in trusty with the addition of the patches/any/cvs-CVE-2013-4788-static-ptrguard-arm.diff patch. |
mdeslaur | We will not be fixing this issue for earlier releases. |
Priority
Status
Package | Release | Status |
---|---|---|
eglibc (Launchpad, Ubuntu, Debian) | lucid | Ignored |
eglibc | precise | Ignored |
eglibc | quantal | Ignored (end of life) |
eglibc | raring | Ignored (end of life) |
eglibc | saucy | Ignored |
eglibc | trusty | Not vulnerable (2.18-0ubuntu1) |
eglibc | upstream | Needed |
Patches:
- other: http://hmarco.org/bugs/patches/ptr_mangle-eglibc-2.17.patch
- upstream: https://sourceware.org/git/?p=glibc.git;a=commit;h=c61b4d41c9647a54a329aa021341c0eb032b793e
- upstream: https://sourceware.org/git/?p=glibc.git;a=commit;h=0b1f8e35640f5b3f7af11764ade3ff060211c309
- upstream: https://sourceware.org/git/?p=glibc.git;a=commit;h=5ebbff8fd1529aec13ac4d2906c1a36f3e738519