Vulnerability CVE-2018-5392

Vulnerability Name:

CVE-2018-5392 (CCN-147956)

Assigned:

2018-08-03

Published:

2018-08-03

Updated:

2019-10-09

Summary:

mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base" PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks. Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2018-5392

Source: CCN
Type: US-CERT VU#307144
mingw-w64 by default produces executables that opt in to ASLR, but are not compatible with ASLR

Source: XF
Type: UNKNOWN
mingww64-cve20185392-weak-security(147956)

Source: CCN
Type: MinGW-w64 Web page
MinGW-w64 - for 32 and 64 bit Windows

Source: CCN
Type: Sourceware Bugzilla Bug 17321
add --enable-reloc-section option to generate proper relocation sections to .exes

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#307144

Vulnerable Configuration:

Configuration 1:

cpe:/a:mingw:mingw-w64:5.0.4:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:mingw-w64:mingw-w64:5.0.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.ubuntu.disco:def:201853920000000	V	CVE-2018-5392 on Ubuntu 19.04 (disco) - low.	2018-08-14
oval:com.ubuntu.bionic:def:20185392000	V	CVE-2018-5392 on Ubuntu 18.04 LTS (bionic) - low.	2018-08-14
oval:com.ubuntu.cosmic:def:201853920000000	V	CVE-2018-5392 on Ubuntu 18.10 (cosmic) - low.	2018-08-14
oval:com.ubuntu.cosmic:def:20185392000	V	CVE-2018-5392 on Ubuntu 18.10 (cosmic) - low.	2018-08-14
oval:com.ubuntu.bionic:def:201853920000000	V	CVE-2018-5392 on Ubuntu 18.04 LTS (bionic) - low.	2018-08-14
oval:com.ubuntu.trusty:def:20185392000	V	CVE-2018-5392 on Ubuntu 14.04 LTS (trusty) - low.	2018-08-14
oval:com.ubuntu.xenial:def:201853920000000	V	CVE-2018-5392 on Ubuntu 16.04 LTS (xenial) - low.	2018-08-14
oval:com.ubuntu.xenial:def:20185392000	V	CVE-2018-5392 on Ubuntu 16.04 LTS (xenial) - low.	2018-08-14

BACK