[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Glibc Pointer guarding weakness

To: fulldisclosure@xxxxxxxxxxxx, bugs@xxxxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: [FD] Glibc Pointer guarding weakness
From: Hector Marco-Gisbert <hecmargi@xxxxxx>
Date: Sat, 5 Sep 2015 18:49:15 +0200

Hello,

A weakness in the dynamic loader have been found, Glibc prior to 2.22.90are affected. The issue is that the LD_POINTER_GUARD in the environmentis not sanitized allowing local attackers easily to bypass the pointerguarding protection on set-user-ID and set-group-ID programs.



Details and PoC at:
http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html

A patch is already sent to Glibc maintainers. This issue is similar tohttp://hmarco.org/bugs/CVE-2013-4788.html but now affect to dynamiclinked applications.



--
Hector Marco-Gisbert @ http://hmarco.org/
Cyber Security Researcher @ http://cybersecurity.upv.es
Universitat Politècnica de València (Spain)

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Checkmarx CxQL Sandbox bypass (CVE-2014-8778)
Next by Date: [FD] [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow
Previous by thread: [FD] Checkmarx CxQL Sandbox bypass (CVE-2014-8778)
Next by thread: [FD] [CVE-2014-7216] Yahoo! Messenger emoticons.xml Multiple Key Value Handling Local Buffer Overflow
Index(es):
- Date
- Thread