CVE Vulnerability

CVE-2007-3508

** DISPUTED ** Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution.

7.2 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/glibc/2.5/1600_all_glibc-hwcap-mask-secure.patch?rev=1.1&view=markup
http://bugs.gentoo.org/show_bug.cgi?id=183844
http://www.sourceware.org/ml/libc-hacker/2007-07/msg00001.html
http://security.gentoo.org/glsa/glsa-200707-04.xml
http://www.securityfocus.com/bid/24758
http://www.securitytracker.com/id?1018334
http://secunia.com/advisories/25864 Vendor Advisory
http://www.vupen.com/english/advisories/2007/2418 Vendor Advisory
http://osvdb.org/37901
https://exchange.xforce.ibmcloud.com/vulnerabilities/35240
Configurations

Configuration 1

cpe:2.3:a:gentoo:glibc:*:r3:*:*:*:*:*:*
Information

Published : 2007-07-03 09:30

Updated : 2017-07-29 01:32

NVD link : CVE-2007-3508

Mitre link : CVE-2007-3508

Products Affected
No products.
CWE
CWE-189