oss-security - CVE Request: Glibc Pointer guarding weakness

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <55EB1D07.2060005@upv.es>
Date: Sat, 5 Sep 2015 18:49:11 +0200
From: Hector Marco-Gisbert <hecmargi@....es>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE Request: Glibc Pointer guarding weakness

Hello,

A weakness in the dynamic loader have been found, Glibc prior to 2.22.90 
are affected. The issue is that the LD_POINTER_GUARD in the environment 
is not sanitized allowing local attackers easily to bypass the pointer 
guarding protection on set-user-ID and set-group-ID programs.

Details and PoC at:
http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html

A patch is already sent to Glibc maintainers. This issue is similar to 
http://hmarco.org/bugs/CVE-2013-4788.html but now affect to dynamic 
linked applications.

Could you please assign a CVE ?

-- 
Hector Marco-Gisbert @ http://hmarco.org/
Cyber Security Researcher @ http://cybersecurity.upv.es
Universitat Politècnica de València (Spain)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.