CVE-2007-3508

2007-07-03 23:30:00 2017-07-29 03:32:20

** DISPUTED ** Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution.

Vector

LOCAL

Complexity

LOW

Authentication

NONE

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Gentoo glibc 2.5 rc3

Gentoo - Glibc

Advisory	Patch	Confirmed	Link
			glibc-envvars-overflow(35240)
			ADV-2007-2418
			[libc-hacker] [PATCH] Fix LD_HWCAP_MASK handling
			1018334
			24758
			http://sources.gentoo.org/viewcvs.py/gentoo/src/patchset...
			GLSA-200707-04
			http://bugs.gentoo.org/show_bug.cgi?id=183844

CVE-2007-3508

2007-07-03 23:30:00 2017-07-29 03:32:20

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)