Vulnerability Name:

CVE-2007-3508 (CCN-35240)

Assigned: 2007-07-03
Published: 2007-07-03
Updated: 2017-07-29
Summary: ** DISPUTED ** Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value.
Note: the glibc maintainers state that they do not believe that this issue is exploitable for code execution.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-189
Vulnerability Consequences: Gain Privileges
References:
Source: CONFIRM
Type: UNKNOWN
http://bugs.gentoo.org/show_bug.cgi?id=183844

Source: MITRE
Type: CNA
CVE-2007-3508

Source: OSVDB
Type: UNKNOWN
37901

Source: SECUNIA
Type: Vendor Advisory
25864

Source: GENTOO
Type: UNKNOWN
GLSA-200707-04

Source: CCN
Type: SECTRACK ID: 1018334
Glibc LD_HWCAP_MASK Integer Overflow Lets Local Users Execute Arbitrary Code

Source: MISC
Type: UNKNOWN
http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/glibc/2.5/1600_all_glibc-hwcap-mask-secure.patch?rev=1.1&view=markup

Source: CCN
Type: GLSA-200707-04
GNU C Library: Integer overflow

Source: CCN
Type: GNU C Library Web page
GNU C Library - GNU Project - Free Software Foundation (FSF)

Source: CCN
Type: OSVDB ID: 37901
GNU C Library (glibc) elf/rtld.c process_envvars Function LD_HWCAP_MASK Environment Variable Local Overflow

Source: BID
Type: UNKNOWN
24758

Source: CCN
Type: BID-24758
GNU GLibC LD.SO Mask Dynamic Loader Integer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018334

Source: MLIST
Type: UNKNOWN
[libc-hacker] [PATCH] Fix LD_HWCAP_MASK handling

Source: VUPEN
Type: Vendor Advisory
ADV-2007-2418

Source: XF
Type: UNKNOWN
glibc-envvars-overflow(35240)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:gentoo:glibc:*:r3:*:*:*:*:*:* (Version <= 2.5)

Configuration CCN 1:
  • cpe:/a:gentoo:glibc:2.5:r3:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    gentoo glibc * r3
    gentoo glibc 2.5 r3
    gentoo linux *