Glibc FORTIFY_SOURCE Protection Mechanism Can By Bypassed
|
|
SecurityTracker Alert ID: 1026810 |
|
SecurityTracker URL: http://securitytracker.com/id/1026810
|
|
CVE Reference:
CVE-2012-0864
(Links to External Site)
|
Date: Mar 15 2012
|
Impact:
Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in Glibc. A remote or local user can bypass format string protection to execute arbitrary code.
If a format string flaw exists in the target application, a remote or local user can trigger an integer overflow in the FORTIFY_SOURCE format string protection mechanism and bypass the protection ostensibly provided by the mechanism to exploit the format string flaw.
Captain Planet reported this vulnerability.
|
Impact:
A remote or local user may be able to execute arbitrary code on the target system.
|
Solution:
The vendor has issued a source code fix, available at:
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7c1f4834d398163d1ac8101e35e9c36fc3176e6e
|
Vendor URL: www.gnu.org/software/libc/ (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Linux (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Thu, 15 Mar 2012 17:57:35 +0000
Subject: glibc
|
http://sourceware.org/bugzilla/show_bug.cgi?id=13656
CVE-2012-0864
|
|
