CVSS2 base score: 5.1 (Medium)
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS: 0.016 (Low)
EPSS Percentile: 87.4%
The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6)
2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the
random value for the pointer guard, which makes it easier for
context-dependent attackers to control execution flow by leveraging a
buffer-overflow vulnerability in an application and using the known zero
value pointer guard to calculate a pointer address.
Author | Note |
---|---|
jdstrand | PoC in linux-distros@ (tested on Ubuntu 12.04, 13.04 and Debian 7.1). Only statically compiled executables; dynamic not affected. Upstream patch not available as of 2013-07-12. |
seth-arnold | PTR MANGLE is a security-hardening feature; exploiting this flaw requires a flaw in a statically linked executable that allows write access to one of the types of pointers that is mangled. Fixing the consequences of this flaw requires rebuilding all security-sensitive statically linked executables. |
mdeslaur | fix for this was reverted in saucy as it was causing the ARM testsuite to fail. |
sbeattie | fix was re-enabled in trusty with the addition of the patches/any/cvs-CVE-2013-4788-static-ptrguard-arm.diff patch. |
mdeslaur | we will not be fixing this issue for earlier releases. |
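The notes above narrow the exposure to statically linked executables and say the fix is to rebuild the security-sensitive ones, so the practical first step is an inventory of which binaries on a host are statically linked. The following is an added example, not code from this tracker page or from glibc: a small ELF program-header parser that classifies a file as statically linked when it is an ELF executable (ET_EXEC or ET_DYN, the latter covering static-PIE) with no PT_INTERP segment, plus a directory walker built on it. The function names (`is_static_elf`, `find_static_executables`, `build_elf`) and the constructed minimal ELF images used as sample input are assumptions for this example. A binary that has already been rebuilt against a fixed glibc looks identical to this check, so the output is a list of candidates to verify against build provenance, not a list of vulnerable files.

```python
import os
import struct
import sys

# Constants from the ELF specification.
ELF_MAGIC = b"\x7fELF"
ELFCLASS32, ELFCLASS64 = 1, 2
ELFDATA2LSB, ELFDATA2MSB = 1, 2
ET_EXEC, ET_DYN = 2, 3
PT_LOAD, PT_INTERP = 1, 3


def is_static_elf(data):
    """True if `data` is an ELF executable without a PT_INTERP segment
    (statically linked), False if it names a dynamic loader, None if it is
    not an ELF executable/shared object or the header table is truncated."""
    if len(data) < 52 or data[:4] != ELF_MAGIC:
        return None
    ei_class, ei_data = data[4], data[5]
    if ei_data == ELFDATA2LSB:
        end = "<"
    elif ei_data == ELFDATA2MSB:
        end = ">"
    else:
        return None
    if ei_class == ELFCLASS64:
        if len(data) < 64:
            return None
        e_type = struct.unpack_from(end + "H", data, 16)[0]
        e_phoff = struct.unpack_from(end + "Q", data, 32)[0]
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    elif ei_class == ELFCLASS32:
        e_type = struct.unpack_from(end + "H", data, 16)[0]
        e_phoff = struct.unpack_from(end + "I", data, 28)[0]
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    else:
        return None
    if e_type not in (ET_EXEC, ET_DYN) or e_phnum == 0:
        return None
    # p_type is the first 32-bit word of every program header in both classes.
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            return None  # program header table not inside the bytes we have
        if struct.unpack_from(end + "I", data, off)[0] == PT_INTERP:
            return False
    return True


def find_static_executables(root):
    """Walk `root` and return regular files classified as statically linked."""
    found = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(1 << 20)  # headers sit at the front of the file
            except OSError:
                continue
            if is_static_elf(head):
                found.append(path)
    return found


def build_elf(ptypes, bits=64, little=True, e_type=ET_EXEC):
    """Constructed sample data: a minimal, non-runnable ELF image whose
    program header table holds the given segment types (hypothetical input)."""
    end = "<" if little else ">"
    ident = ELF_MAGIC + bytes([ELFCLASS64 if bits == 64 else ELFCLASS32,
                               ELFDATA2LSB if little else ELFDATA2MSB, 1]) + b"\0" * 9
    if bits == 64:
        ehsize, phentsize = 64, 56
        hdr = struct.pack(end + "16sHHIQQQIHHHHHH", ident, e_type, 62, 1, 0, ehsize,
                          0, 0, ehsize, phentsize, len(ptypes), 0, 0, 0)
        phdrs = b"".join(struct.pack(end + "IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0) for t in ptypes)
    else:
        ehsize, phentsize = 52, 32
        hdr = struct.pack(end + "16sHHIIIIIHHHHHH", ident, e_type, 3, 1, 0, ehsize,
                          0, 0, ehsize, phentsize, len(ptypes), 0, 0, 0)
        phdrs = b"".join(struct.pack(end + "IIIIIIII", t, 0, 0, 0, 0, 0, 0, 0) for t in ptypes)
    return hdr + phdrs


if __name__ == "__main__":
    # With a directory argument, list candidate static binaries under it;
    # otherwise classify the constructed samples.
    if len(sys.argv) > 1:
        for path in find_static_executables(sys.argv[1]):
            print(path)
    else:
        print("static  :", is_static_elf(build_elf([PT_LOAD])))
        print("dynamic :", is_static_elf(build_elf([PT_INTERP, PT_LOAD])))
```

Run it with a path such as `/usr/bin` (or a package's unpacked tree) to get the candidate list; the 1 MiB read is enough for any normally laid-out binary, and a file whose program header table lies beyond it is reported as unclassified rather than guessed.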