ID CVE-2007-3508
Summary ** DISPUTED ** Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution.
References
Vulnerable Configurations
  • Gentoo glibc 2.5 rc3
    cpe:2.3:a:gentoo:glibc:2.5:r3
CVSS
Base: 7.2 (as of 04-07-2007 - 18:03)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
nessus via4
NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-200707-04.NASL
description The remote host is affected by the vulnerability described in GLSA-200707-04 (GNU C Library: Integer overflow). Tavis Ormandy of the Gentoo Linux Security Team discovered a flaw in the handling of the hardware capabilities mask by the dynamic loader. If a mask is specified with a high population count, an integer overflow could occur when allocating memory. Impact: As the hardware capabilities mask is honored by the dynamic loader during the execution of suid and sgid programs, in theory this vulnerability could result in the execution of arbitrary code with root privileges. This update is provided as a precaution against currently unknown attack vectors. Workaround: There is no known workaround at this time.
last seen 2019-02-21
modified 2018-08-10
plugin id 25665
published 2007-07-04
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=25665
title GLSA-200707-04 : GNU C Library: Integer overflow
refmap via4
bid 24758
confirm http://bugs.gentoo.org/show_bug.cgi?id=183844
gentoo GLSA-200707-04
misc http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/glibc/2.5/1600_all_glibc-hwcap-mask-secure.patch?rev=1.1&view=markup
mlist [libc-hacker] [PATCH] Fix LD_HWCAP_MASK handling
osvdb 37901
sectrack 1018334
secunia 25864
vupen ADV-2007-2418
xf glibc-envvars-overflow(35240)
statements via4
  • contributor Vincent Danen
    lastmodified 2007-09-17
    organization Mandriva
    statement Based on the analysis of Red Hat and several Glibc developers, Mandriva does not believe this to be exploitable.
  • contributor Joshua Bressers
    lastmodified 2007-07-05
    organization Red Hat
    statement After careful analysis by Red Hat and several Glibc developers, it has been determined that this bug is not exploitable. For more information please see Red Hat Bugzilla bug #247208 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=247208
Last major update 05-11-2012 - 22:42
Published 03-07-2007 - 17:30
Last modified 28-07-2017 - 21:32