Vigil@nce: Linux kernel, memory corruption via gcc
June 2008 by Vigil@nce
SYNTHESIS
A program compiled with gcc 4.3 can corrupt the memory of Linux
kernel under x86.
Gravity: 2/4
Consequences: administrator access/rights, denial of service of
service
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: medium (2/3)
Creation date: 26/06/2008
Identifier: VIGILANCE-VUL-7913
IMPACTED PRODUCTS
– Linux kernel [confidential versions]
– OpenSUSE [confidential versions]
– Red Hat Enterprise Linux [confidential versions]
DESCRIPTION
Since its version 4.3, gcc honours the ABI (Application Binary
Interface) which requires the DF (Direction Flag) bit to be reset
before calling a function, on a x86 processor.
However, the Linux kernel does not always reset this flag. A copy
operation can thus be done in the reverse direction and corrupt
the memory.
An attacker can thus exploit a suid program compiled with gcc 4.3
in order to corrupt the memory, and eventually to execute code
with high privileges.
CHARACTERISTICS
Identifiers: 437312, CVE-2008-1367, RHSA-2008:0211-01,
RHSA-2008:0233-01, RHSA-2008:0508-01, SUSE-SA:2008:030,
VIGILANCE-VUL-7913