CVE-2013-4788

Publication date 4 October 2013

Last updated 24 July 2024


Ubuntu priority

The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.


Status

Package   Ubuntu Release     Status
eglibc    14.04 LTS trusty   Not affected
eglibc    13.10 saucy        Ignored
eglibc    13.04 raring       Ignored (end of life)
eglibc    12.10 quantal      Ignored (end of life)
eglibc    12.04 LTS precise  Ignored
eglibc    10.04 LTS lucid    Ignored

Notes


jdstrand

PoC in linux-distros@ (tested on Ubuntu 12.04, 13.04 and Debian 7.1)
Only statically compiled executables, dynamic not affected
upstream patch not available as of 2013-07-12


seth-arnold

PTR_MANGLE is a security-hardening feature; exploiting this flaw requires a flaw in a statically linked executable that allows write access to one of the types of pointers that is mangled. Fixing the consequences of this flaw requires rebuilding all security-sensitive statically linked executables.
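
The note above makes rebuilding statically linked executables the remediation, so the first step is an inventory of them. The following is an added example, not code from the Ubuntu tracker or from glibc: it lists ELF files under a directory that have neither a PT_INTERP nor a PT_DYNAMIC program header. The function names and the constructed sample image are assumptions for illustration, and a hit is a candidate for rebuild, not proof that the file was linked against an affected glibc.

```python
import os, struct, sys

PT_DYNAMIC, PT_INTERP = 2, 3  # program header types (ELF specification)
ET_EXEC, ET_DYN = 2, 3        # file types: executable, shared object / PIE

def classify_elf(data):
    """Return 'static', 'dynamic' or 'other' for the leading bytes of a file."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] not in (1, 2):
        return "other"
    end = "<" if data[5] == 1 else ">"  # EI_DATA: 1 means little-endian
    if struct.unpack_from(end + "H", data, 16)[0] not in (ET_EXEC, ET_DYN):
        return "other"  # relocatable object, core file, ...
    if data[4] == 2:  # ELFCLASS64
        phoff, = struct.unpack_from(end + "Q", data, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
    else:  # ELFCLASS32
        phoff, = struct.unpack_from(end + "I", data, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
    types = set()
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):
            return "other"  # header table truncated or malformed
        types.add(struct.unpack_from(end + "I", data, off)[0])
    if not types:
        return "other"
    # No PT_INTERP and no PT_DYNAMIC: static (static-PIE is out of scope here).
    return "dynamic" if types & {PT_INTERP, PT_DYNAMIC} else "static"

def find_static(root):
    """Yield regular files under root that classify as statically linked."""
    for dirpath, _dirs, names in os.walk(root):
        for path in (os.path.join(dirpath, n) for n in names):
            try:
                if os.path.isfile(path) and not os.path.islink(path):
                    with open(path, "rb") as fh:
                        if classify_elf(fh.read(65536)) == "static":
                            yield path
            except OSError:
                continue  # unreadable file, skip it

def make_sample_elf64(p_types):
    """Constructed sample input: minimal little-endian ELF64 image."""
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", ET_EXEC, 62, 1, 0, 64, 0, 0, 64, 56, len(p_types), 0, 0, 0)
    return hdr + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

if __name__ == "__main__":
    for root in sys.argv[1:]:
        print("\n".join(find_static(root)))
```

Run it with one or more directories as arguments to print the statically linked files found in each.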


mdeslaur

fix for this was reverted in saucy as it was causing the ARM testsuite to fail.


sbeattie

fix was re-enabled in trusty with the addition of the patches/any/cvs-CVE-2013-4788-static-ptrguard-arm.diff patch.


mdeslaur

we will not be fixing this issue for earlier releases.