glibc: multiple vulnerabilities

| Package(s): | glibc |
| CVE #(s): | CVE-2013-4788, CVE-2013-4332 |
| Created: | September 30, 2013 |
| Updated: | October 3, 2013 |

Description:
From the OpenWall advisories [1; 2]:
I recently discovered three integer overflow issues in the glibc
memory allocator functions pvalloc, valloc and
posix_memalign/memalign/aligned_alloc. These issues cause a large
allocation size to wrap around and cause a wrong sized allocation and
heap corruption. (CVE-2013-4332)
This bug was discovered in March 2013 while we were developing the RAF SSP
technique. The glibc bug makes it easy to take advantage of common
errors such as buffer overflows, allowing in these cases to redirect the execution flow and potentially execute arbitrary code.
All statically linked applications compiled with glibc and eglibc are
affected, independent of the operating system distribution. Note that this problem is not solved by only patching eglibc; it is also necessary to recompile all static executables. As far as I know there are a lot of routers, embedded systems etc. which use statically linked applications. Since the bug dates from the beginning of the PTR_MANGLE implementation (years 2005-2006) there are a ton of vulnerable devices. (CVE-2013-4788)
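The bug class behind CVE-2013-4332 is a request size that wraps around when the allocator rounds it up to the requested alignment. The following is an added illustration, not glibc's code: a hypothetical round-up helper in the unchecked form (which wraps, so a near-SIZE_MAX request becomes a tiny block, the "wrong sized allocation" the advisory describes) next to a checked form that refuses the request instead. The function names and the simulated request wrappers are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked round-up to a power-of-two alignment. Hypothetical helper that
   mirrors the bug class in the advisory: (size + align - 1) is computed in
   size_t and silently wraps for very large size values. Not glibc's code. */
size_t round_up_unchecked(size_t size, size_t align) {
    return (size + align - 1) & ~(align - 1);
}

/* Checked round-up: validates the alignment and detects the wrap before
   doing the arithmetic. Returns false instead of producing a wrong size. */
bool round_up_checked(size_t size, size_t align, size_t *out) {
    if (align == 0 || (align & (align - 1)) != 0)
        return false;                       /* alignment must be a power of two */
    if (size > SIZE_MAX - (align - 1))
        return false;                       /* size + align - 1 would wrap */
    *out = (size + align - 1) & ~(align - 1);
    return true;
}

/* Simulated allocator front-ends: return the number of bytes that would
   actually be reserved for the request, or 0 when the request is refused.
   Constructed for this example; no memory is allocated. */
size_t request_unchecked(size_t size, size_t align) {
    return round_up_unchecked(size, align);
}

size_t request_checked(size_t size, size_t align) {
    size_t rounded;
    return round_up_checked(size, align, &rounded) ? rounded : 0;
}

int main(void) {
    /* Constructed inputs: a normal request and a near-SIZE_MAX request. */
    size_t normal = 100, huge = SIZE_MAX - 10, align = 4096;

    printf("normal request %zu -> unchecked %zu, checked %zu\n",
           normal, request_unchecked(normal, align), request_checked(normal, align));
    /* The unchecked path turns the huge request into a 0-byte reservation,
       which a caller would then write far past; the checked path refuses. */
    printf("huge request %zu -> unchecked %zu, checked %zu (0 = refused)\n",
           huge, request_unchecked(huge, align), request_checked(huge, align));
    return 0;
}
```

The checked helper is the defensive point: any allocator-style API that adds padding, headers or alignment slack to a caller-controlled size needs the overflow test before the addition, not after, because once the value has wrapped the small result looks like an ordinary valid request.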