CVE-2013-4788

The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
eglibc	14.04 LTS trusty	Not affected
	13.10 saucy	Ignored
	13.04 raring	Ignored end of life
	12.10 quantal	Ignored end of life
	12.04 LTS precise	Ignored
	10.04 LTS lucid	Ignored

Notes

jdstrand

PoC in linux-distros@ (tested on Ubuntu 12.04, 13.04 and Debian 7.1) Only statically compiled executables, dynamic not affected upstream patch not available as of 2013-07-12

seth-arnold

PTR MANGLE is a security-hardening feature; exploiting this flaw requires a flaw in a statically linked executable that allows write access to one of the types of pointers that is mangled. Fixing the consequences of this flaw requires rebuilding all security-sensitive statically linked executables.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
eglibc	Other: http://hmarco.org/bugs/patches/ptr_mangle-eglibc-2.17.patch Upstream: https://sourceware.org/git/?p=glibc.git;a=commit;h=c61b4d41c9647a54a329aa021341c0eb032b793e Upstream: https://sourceware.org/git/?p=glibc.git;a=commit;h=0b1f8e35640f5b3f7af11764ade3ff060211c309 Upstream: https://sourceware.org/git/?p=glibc.git;a=commit;h=5ebbff8fd1529aec13ac4d2906c1a36f3e738519

Status

Notes

jdstrand

seth-arnold

mdeslaur

sbeattie

mdeslaur

Patch details

References

Other references