CVE-2013-4788

Source: ubuntu.com (UB:CVE-2013-4788)
Published: 2013-10-04

CVSS2: 5.1 Medium (AV:N/AC:H/Au:N/C:P/I:P/A:P)

Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.016 Low (Percentile: 87.4%)

The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6)
2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the
random value for the pointer guard, which makes it easier for
context-dependent attackers to control execution flow by leveraging a
buffer-overflow vulnerability in an application and using the known zero
value pointer guard to calculate a pointer address.

Notes

jdstrand: PoC in linux-distros@ (tested on Ubuntu 12.04, 13.04 and Debian 7.1). Only statically compiled executables, dynamic not affected. Upstream patch not available as of 2013-07-12.
seth-arnold: PTR_MANGLE is a security-hardening feature; exploiting this flaw requires a flaw in a statically linked executable that allows write access to one of the types of pointers that is mangled. Fixing the consequences of this flaw requires rebuilding all security-sensitive statically linked executables.
mdeslaur: fix for this was reverted in saucy as it was causing the ARM testsuite to fail.
sbeattie: fix was re-enabled in trusty with the addition of the patches/any/cvs-CVE-2013-4788-static-ptrguard-arm.diff patch.
mdeslaur: we will not be fixing this issue for earlier releases.
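
The notes above limit exposure to statically linked executables and name rebuilding them as the remedy, so an inventory of such binaries is the practical first step. The following is an added example, not part of the Ubuntu advisory: a Python check that flags ELF files of type ET_EXEC with no PT_INTERP segment. The function names and the 4096-byte read are assumptions of this example, static PIE files are not covered, and a hit does not say which glibc version the file was built against.

```python
import struct, sys

ET_EXEC, PT_INTERP = 2, 3  # ELF constants from elf.h

def is_static_exec(data):
    """True: ET_EXEC with no PT_INTERP (static). False: other ELF. None: not parsable."""
    if len(data) < 52 or data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        return None
    end = "<" if data[5] == 1 else ">"
    if data[4] == 2:   # ELF64 field offsets
        if len(data) < 64:
            return None
        phoff_fmt, phoff_at, phent_at = "Q", 32, 54
    else:              # ELF32 field offsets
        phoff_fmt, phoff_at, phent_at = "I", 28, 42
    (e_type,) = struct.unpack_from(end + "H", data, 16)
    (e_phoff,) = struct.unpack_from(end + phoff_fmt, data, phoff_at)
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, phent_at)
    if e_type != ET_EXEC:
        return False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            return None  # program headers lie beyond the bytes we were given
        if struct.unpack_from(end + "I", data, off)[0] == PT_INTERP:
            return False  # names a dynamic loader: dynamically linked
    return True

def scan(paths):
    """Return the paths that look like statically linked executables."""
    hits = []
    for path in paths:
        try:
            with open(path, "rb") as fh:
                if is_static_exec(fh.read(4096)):
                    hits.append(path)
        except OSError:
            continue  # unreadable or vanished file
    return hits

def sample_elf(p_types, e_type=ET_EXEC):
    """Constructed sample input: ELF64 little-endian header plus bare program headers."""
    head = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(p_types), 0, 0, 0)
    return head + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

if __name__ == "__main__":
    for hit in scan(sys.argv[1:]):
        print(hit)
```

Run it with a list of file paths as arguments; each printed path is a candidate for the rebuild the notes call for.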