Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1367

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-1367
Last Modified 07 Mar 2011 10:06:59
Published 17 Mar 2008 07:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1367

Summary

gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.

Vulnerable Systems

Application

  • Gnu Gcc 4.3


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=437312

VUPEN - ADV-2008-2222

BID - 29084

SECUNIA - 31246

SECUNIA - 30962

SECUNIA - 30890

SECUNIA - 30850

SECUNIA - 30818

SECUNIA - 30116

SECUNIA - 30110

REDHAT - RHSA-2008:0508

MLIST - [git-commits-head] 20080307 x86: clear DF before calling signal handler

MISC - http://lwn.net/Articles/272048/#Comments

MLIST - [linux-kernel] 20080305 Linux doesn't follow x86/x86-64 ABI wrt direction flag

MLIST - [Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix

SUSE - SUSE-SA:2008:032

SUSE - SUSE-SA:2008:031

SUSE - SUSE-SA:2008:030

CONFIRM - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e40cd10ccff3d9fbffd57b93780bee4b7b9bff51

MLIST - [gcc-patches] 20080307 Re: [PATCH, i386]: Emit cld instruction when stringops are used

MLIST - [gcc-patches] 20080306 Re: [PATCH, i386]: Emit cld instruction when stringops are used

MLIST - [gcc-patches] 20080306 [PATCH, i386]: Emit cld instruction when stringops are used

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058

XF - gcc-cld-dos(41340)

REDHAT - RHSA-2008:0233

REDHAT - RHSA-2008:0211


Last Updated: 27 May 2016 10:47:08