Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1367


Vulnerability Score 7.5 7.5
CVE Id CVE-2008-1367
Last Modified 07 Mar 2011 10:06:59
Published 17 Mar 2008 07:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.

Vulnerable Systems


  • Gnu Gcc 4.3



VUPEN - ADV-2008-2222

BID - 29084

SECUNIA - 31246

SECUNIA - 30962

SECUNIA - 30890

SECUNIA - 30850

SECUNIA - 30818

SECUNIA - 30116

SECUNIA - 30110

REDHAT - RHSA-2008:0508

MLIST - [git-commits-head] 20080307 x86: clear DF before calling signal handler


MLIST - [linux-kernel] 20080305 Linux doesn't follow x86/x86-64 ABI wrt direction flag

MLIST - [Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix

SUSE - SUSE-SA:2008:032

SUSE - SUSE-SA:2008:031

SUSE - SUSE-SA:2008:030

CONFIRM -;a=commit;h=e40cd10ccff3d9fbffd57b93780bee4b7b9bff51

MLIST - [gcc-patches] 20080307 Re: [PATCH, i386]: Emit cld instruction when stringops are used

MLIST - [gcc-patches] 20080306 Re: [PATCH, i386]: Emit cld instruction when stringops are used

MLIST - [gcc-patches] 20080306 [PATCH, i386]: Emit cld instruction when stringops are used


XF - gcc-cld-dos(41340)

REDHAT - RHSA-2008:0233

REDHAT - RHSA-2008:0211

Last Updated: 27 May 2016 10:47:08