[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-1367Date: (C)2008-03-17   (M)2023-12-22


gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
BID-29084
SECUNIA-30110
SECUNIA-30116
SECUNIA-30818
SECUNIA-30850
SECUNIA-30890
SECUNIA-30962
SECUNIA-31246
ADV-2008-2222
RHSA-2008:0211
RHSA-2008:0233
RHSA-2008:0508
SUSE-SA:2008:030
SUSE-SA:2008:031
SUSE-SA:2008:032
http://lists.vmware.com/pipermail/security-announce/2008/000023.html
http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00428.html
[gcc-patches]
http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00417.html
http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00499.html
http://marc.info/?l=git-commits-head&m=120492000901739&w=2
http://lkml.org/lkml/2008/3/5/207
gcc-cld-dos(41340)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e40cd10ccff3d9fbffd57b93780bee4b7b9bff51
http://lwn.net/Articles/272048/#Comments
https://bugzilla.redhat.com/show_bug.cgi?id=437312
oval:org.mitre.oval:def:11108

CWE    1
CWE-399

© SecPod Technologies