
glibc: pointer guard circumvention

Package(s): glibc    CVE #(s): CVE-2015-8777
Created: December 24, 2015    Updated: January 20, 2016
Description: From the SUSE bugzilla entry:

A weakness in the dynamic loader has been found; glibc versions prior to 2.22.90 are affected. The issue is that the LD_POINTER_GUARD environment variable is not sanitized, allowing local attackers to easily bypass the pointer guarding protection on set-user-ID and set-group-ID programs.

Details and PoC at: http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html

Quoting further: Pointer guarding is a security mechanism whereby some pointers to code stored in writable program memory (return addresses saved by setjmp(3) or function pointers used by various glibc internals) are mangled semi-randomly to make it more difficult for an attacker to hijack the pointers for use in the event of a buffer overrun or stack-smashing attack.
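The mechanism quoted above, as an added example (not code from this page, the bug report, or glibc itself): the mangling step is modelled on the XOR-then-rotate scheme glibc uses on x86-64 (XOR with the guard, then a 17-bit left rotate), the guard values, code address and environment strings are constructed, and sanitize_env is a hypothetical stand-in for the loader check that drops untrusted variables when the process is set-user-ID. It shows why the guard must stay secret: a pointer overwritten in memory only survives demangling if the attacker knows the guard, so letting the invoking user choose it through the environment removes the protection.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Rotation width of the modelled mangling scheme (glibc on x86-64 rotates by 17). */
#define MANGLE_ROT 17

static uint64_t rol64(uint64_t v, unsigned n) { return (v << n) | (v >> (64 - n)); }
static uint64_t ror64(uint64_t v, unsigned n) { return (v >> n) | (v << (64 - n)); }

/* Mangle a code pointer before storing it in writable memory (e.g. a jmp_buf). */
uint64_t ptr_mangle(uint64_t ptr, uint64_t guard)
{
    return rol64(ptr ^ guard, MANGLE_ROT);
}

/* Reverse the transformation when the stored pointer is about to be used. */
uint64_t ptr_demangle(uint64_t mangled, uint64_t guard)
{
    return ror64(mangled, MANGLE_ROT) ^ guard;
}

/* A mangled pointer is only meaningful to someone who knows the guard.
 * Returns 1 if 'candidate' correctly reverses mangling done with 'guard'. */
int guard_recovers_pointer(uint64_t ptr, uint64_t guard, uint64_t candidate)
{
    return ptr_demangle(ptr_mangle(ptr, guard), candidate) == ptr;
}

/* Hypothetical loader-side sanitizer (not glibc's code): for a set-user-ID or
 * set-group-ID process (at_secure != 0), drop environment variables that would
 * let the invoking user influence the guard. Copies surviving entries to 'out'
 * and returns how many were kept. */
size_t sanitize_env(const char *const *envp, size_t n, int at_secure, const char **out)
{
    static const char unsafe[] = "LD_POINTER_GUARD=";
    size_t kept = 0;
    for (size_t i = 0; i < n; i++) {
        if (at_secure && strncmp(envp[i], unsafe, sizeof unsafe - 1) == 0)
            continue;               /* untrusted: caller could pick the guard */
        out[kept++] = envp[i];
    }
    return kept;
}

/* Constructed environment for the demonstration; returns the number kept. */
size_t demo_sanitize(int at_secure)
{
    const char *const env[] = { "PATH=/usr/bin", "LD_POINTER_GUARD=0", "HOME=/home/user" };
    const char *out[3];
    return sanitize_env(env, 3, at_secure, out);
}

int main(void)
{
    uint64_t ptr = 0x400560;                  /* constructed code address */
    uint64_t secret = 0x9e3779b97f4a7c15ULL;  /* constructed per-process guard */

    printf("random guard, guess of 0 recovers pointer? %d\n",
           guard_recovers_pointer(ptr, secret, 0));
    /* If the unsanitized environment let the caller force a known guard,
     * mangling degrades to a fixed rotation that the caller can undo. */
    printf("caller-chosen guard of 0 recovers pointer? %d\n",
           guard_recovers_pointer(ptr, 0, 0));
    printf("set-user-ID process keeps %zu of 3 variables\n", demo_sanitize(1));
    printf("ordinary process keeps %zu of 3 variables\n", demo_sanitize(0));
    return 0;
}
```

The first two printf lines make the advisory's point concrete: with a secret guard an attacker's demangling attempt fails, while a guard the caller was allowed to choose reduces the scheme to a reversible rotation. The sanitizer keeps ordinary processes untouched (LD_POINTER_GUARD is only dangerous when privilege is gained across the exec boundary) and strips the variable when at_secure is set.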

Alerts:
Gentoo 201702-11 glibc 2017-02-19
openSUSE openSUSE-SU-2015:2355-1 glibc 2015-12-24
Ubuntu USN-2985-2 eglibc, glibc 2016-05-26
Ubuntu USN-2985-1 eglibc, glibc 2016-05-25
SUSE SUSE-SU-2016:0786-1 sles12-docker-image 2016-03-16
SUSE SUSE-SU-2016:0778-1 sles11sp4-docker-image 2016-03-15
SUSE SUSE-SU-2016:0748-1 sles12sp1-docker-image 2016-03-14
Mageia MGASA-2016-0079 glibc 2016-02-19
Arch Linux ASA-201602-15 lib32-glibc 2016-02-17
SUSE SUSE-SU-2016:0470-1 glibc 2016-02-16
SUSE SUSE-SU-2016:0472-1 glibc 2016-02-16
SUSE SUSE-SU-2016:0473-1 glibc 2016-02-16
SUSE SUSE-SU-2016:0471-1 glibc 2016-02-16
openSUSE openSUSE-SU-2016:0490-1 glibc 2016-02-17
Fedora FEDORA-2016-0480defc94 glibc 2016-02-17
Arch Linux ASA-201602-14 glibc 2016-02-17
Debian DSA-3480-1 eglibc 2016-02-16



Copyright © 2025, Eklektix, Inc.