Vulnerability CVE-2008-1367

Vulnerability Name:

CVE-2008-1367 (CCN-41340)

Assigned:

2008-03-05

Published:

2008-03-05

Updated:

2017-09-29

Summary:

gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption.
Note: this issue was originally reported for CPU consumption in SBCL.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-399

Vulnerability Consequences:

Denial of Service

References:

Source: CONFIRM
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058

Source: MITRE
Type: CNA
CVE-2008-1367

Source: CCN
Type: GCC Mailing List, Thu, 6 Mar 2008 16:55:21 +0100
[PATCH, i386]: Emit cld instruction when stringops are used

Source: MLIST
Type: UNKNOWN
[gcc-patches] 20080306 [PATCH, i386]: Emit cld instruction when stringops are used

Source: MLIST
Type: UNKNOWN
[gcc-patches] 20080306 Re: [PATCH, i386]: Emit cld instruction when stringops are used

Source: MLIST
Type: UNKNOWN
[gcc-patches] 20080306 Re: [PATCH, i386]: Emit cld instruction when stringops are used

Source: MLIST
Type: UNKNOWN
[gcc-patches] 20080307 Re: [PATCH, i386]: Emit cld instruction when stringops are used

Source: CONFIRM
Type: UNKNOWN
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e40cd10ccff3d9fbffd57b93780bee4b7b9bff51

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:030

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:031

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:032

Source: CCN
Type: VMware Security-Announce Mailing List, Mon Jul 28 18:11:35 PDT 2008
VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix

Source: MLIST
Type: UNKNOWN
[Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix

Source: MLIST
Type: Exploit
[linux-kernel] 20080305 Linux doesn't follow x86/x86-64 ABI wrt direction flag

Source: MISC
Type: UNKNOWN
http://lwn.net/Articles/272048/#Comments

Source: MLIST
Type: UNKNOWN
[git-commits-head] 20080307 x86: clear DF before calling signal handler

Source: CCN
Type: RHSA-2008-0211
Important: kernel security and bug fix update

Source: CCN
Type: RHSA-2008-0233
Important: kernel security and bug fix update

Source: CCN
Type: RHSA-2008-0508
Important: kernel security and bug fix update

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0508

Source: SECUNIA
Type: UNKNOWN
30110

Source: SECUNIA
Type: UNKNOWN
30116

Source: SECUNIA
Type: UNKNOWN
30818

Source: SECUNIA
Type: UNKNOWN
30850

Source: SECUNIA
Type: UNKNOWN
30890

Source: SECUNIA
Type: UNKNOWN
30962

Source: CCN
Type: SA31246
VMware ESX Server update for Samba and vmnix

Source: SECUNIA
Type: UNKNOWN
31246

Source: CCN
Type: ASA-2008-203
kernel security and bug fix update (RHSA-2008-0211)

Source: CCN
Type: ASA-2008-287
kernel security and bug fix update (RHSA-2008-0508)

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0211

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0233

Source: BID
Type: UNKNOWN
29084

Source: CCN
Type: BID-29084
Linux Kernel Direction Flag Local Memory Corruption Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2008-2222

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=437312

Source: XF
Type: UNKNOWN
gcc-cld-dos(41340)

Source: XF
Type: UNKNOWN
gcc-cld-dos(41340)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11108

Source: SUSE
Type: SUSE-SA:2008:030
Linux kernel security update

Source: SUSE
Type: SUSE-SA:2008:031
Linux kernel security problems

Source: SUSE
Type: SUSE-SA:2008:032
SUSE Linux Enterprise 10 SP1 Linux kernel

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnu:gcc:4.3:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnu:gcc:4.3.0:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4.6.z:ga:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4.6.z:ga:es:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*

OR cpe:/a:vmware:esx_server:3.5:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20081367	V	CVE-2008-1367	2015-11-16
oval:org.mitre.oval:def:21800	P	ELSA-2008:0233: kernel security and bug fix update (Important)	2014-05-26
oval:org.mitre.oval:def:11108	V	gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.	2013-04-29
oval:com.redhat.rhsa:def:20080508	P	RHSA-2008:0508: kernel security and bug fix update (Important)	2008-06-25
oval:com.redhat.rhsa:def:20080211	P	RHSA-2008:0211: kernel security and bug fix update (Important)	2008-05-07
oval:com.redhat.rhsa:def:20080233	P	RHSA-2008:0233: kernel security and bug fix update (Important)	2008-05-07

BACK