Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 17 Aug 2016 18:03:05 +0200
From: Cedric Buissart <cbuissar@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2016-4973 gcc: Targets using libssp for SSP are missing
 -D_FORTIFY_SOURCE functionality

Hi,

This is to disclose the following CVE:

CVE-2016-4973 gcc: Targets using libssp for SSP are missing
-D_FORTIFY_SOURCE functionality

It was found that targets using gcc's libssp library for Stack Smashing
Protection (among others: Cygwin, MinGW, newlib, RTEMS; but not Glibc,
Bionic, NetBSD which provide SSP in libc), are missing the Object Size
Checking feature, even when explicitly requested with _FORTIFY_SOURCE.
Vulnerable binaries compiled against such targets do not benefit of such
protection, increasing the chances of success of a buffer overflow attack.

There is currently no upstream patch. Discussions on the subject & patch
proposal can be found in the Red Hat corresponding bugzilla :
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4973

Impact: Low

CVSSv3 scoring : 3.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Note regarding the scoring : only the GCC flaw was taken into account, not
its potential combination with a flaw in an affected binary.

The flaw was reported by Yaakov Selkowitz (Red Hat)

Best regards,

Cedric

-- 
Cedric Buissart,
Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ