| <?xml version="1.0" encoding="utf-8"?> |
| <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> |
| |
| <glsa id="200707-04"> |
| <title>GNU C Library: Integer overflow</title> |
| <synopsis> |
| An integer overflow in the dynamic loader, ld.so, could result in the |
| execution of arbitrary code with escalated privileges. |
| </synopsis> |
| <product type="ebuild">glibc</product> |
| <announced>July 03, 2007</announced> |
| <revised>July 03, 2007: 01</revised> |
| <bug>183844</bug> |
| <access>local</access> |
| <affected> |
| <package name="sys-libs/glibc" auto="yes" arch="x86"> |
| <unaffected range="ge">2.5-r4</unaffected> |
| <vulnerable range="lt">2.5-r4</vulnerable> |
| </package> |
| </affected> |
| <background> |
| <p> |
| The GNU C library is the standard C library used by Gentoo Linux |
| systems. It provides programs with basic facilities and interfaces to |
| system calls. ld.so is the dynamic linker which prepares dynamically |
| linked programs for execution by resolving runtime dependencies and |
| related functions. |
| </p> |
| </background> |
| <description> |
| <p> |
| Tavis Ormandy of the Gentoo Linux Security Team discovered a flaw in |
| the handling of the hardware capabilities mask by the dynamic loader. |
| If a mask is specified with a high population count, an integer |
| overflow could occur when allocating memory. |
| </p> |
| </description> |
| <impact type="normal"> |
| <p> |
| As the hardware capabilities mask is honored by the dynamic loader |
| during the execution of suid and sgid programs, in theory this |
| vulnerability could result in the execution of arbitrary code with root |
| privileges. This update is provided as a precaution against currently |
| unknown attack vectors. |
| </p> |
| </impact> |
| <workaround> |
| <p> |
| There is no known workaround at this time. |
| </p> |
| </workaround> |
| <resolution> |
| <p> |
| All users should upgrade to the latest version: |
| </p> |
| <code> |
| # emerge --sync |
| # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.5-r4"</code> |
| </resolution> |
| <references> |
| <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3508">CVE-2007-3508</uri> |
| </references> |
| <metadata tag="submitter" timestamp="Sun, 01 Jul 2007 18:20:09 +0000"> |
| taviso |
| </metadata> |
| <metadata tag="bugReady" timestamp="Tue, 03 Jul 2007 13:34:58 +0000"> |
| taviso |
| </metadata> |
| </glsa> |