Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17409
HistoryJul 04, 2007 - 12:00 a.m.

[ GLSA 200707-04 ] GNU C Library: Integer overflow

2007-07-0400:00:00
vulners.com
9
JSON

Gentoo Linux Security Advisory GLSA 200707-04

                                        http://security.gentoo.org/

Severity: Normal
Title: GNU C Library: Integer overflow
Date: July 03, 2007
Bugs: #183844
ID: 200707-04

Synopsis

An integer overflow in the dynamic loader, ld.so, could result in the
execution of arbitrary code with escalated privileges.

Background

The GNU C library is the standard C library used by Gentoo Linux
systems. It provides programs with basic facilities and interfaces to
system calls. ld.so is the dynamic linker which prepares dynamically
linked programs for execution by resolving runtime dependencies and
related functions.

Affected packages

-------------------------------------------------------------------
 Package         /  Vulnerable  /                       Unaffected
-------------------------------------------------------------------

1 sys-libs/glibc < 2.5-r4 >= 2.5-r4
-------------------------------------------------------------------
# Package 1 only applies to x86 users.

Description

Tavis Ormandy of the Gentoo Linux Security Team discovered a flaw in
the handling of the hardware capabilities mask by the dynamic loader.
If a mask is specified with a high population count, an integer
overflow could occur when allocating memory.

Impact

As the hardware capabilities mask is honored by the dynamic loader
during the execution of suid and sgid programs, in theory this
vulnerability could result in the execution of arbitrary code with root
privileges. This update is provided as a precaution against currently
unknown attack vectors.

Workaround

There is no known workaround at this time.

Resolution

All users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=sys-libs/glibc-2.5-r4&quot;

References

[ 1 ] CVE-2007-3508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3508

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200707-04.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License

Copyright 2007 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Related

prion 1
openvas 2
cve 1
gentoo 1
securityvulns 1
nessus 1
ubuntucve 1
checkpoint_security 1
debiancve 1
prion
prion
Integer overflow
2007-07-03 21:30:00
openvas
openvas
Gentoo Security Advisory GLSA 200707-04 (glibc)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200707-04 (glibc)
2008-09-24 00:00:00
cve
cve
CVE-2007-3508
2007-07-03 21:30:00
gentoo
gentoo
GNU C Library: Integer overflow
2007-07-03 00:00:00
securityvulns
securityvulns
GNU C integer overflow
2007-07-04 00:00:00
nessus
nessus
GLSA-200707-04 : GNU C Library: Integer overflow
2007-07-04 00:00:00
ubuntucve
ubuntucve
CVE-2007-3508
2007-07-03 00:00:00
checkpoint_security
checkpoint_security
Check Point response to Integer Overflow Vulnerability in GNU C Library (CVE-2007-3508)
2007-07-11 21:00:00
debiancve
debiancve
CVE-2007-3508
2007-07-03 21:30:00
JSON
Related for SECURITYVULNS:DOC:17409
prion1openvas2cve1gentoo1securityvulns1nessus1ubuntucve1checkpoint_security1debiancve1