• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

GNU GLibC LD.SO Mask Dynamic Loader Integer Overflow Vulnerability

Bugtraq ID:	24758
Class:	Boundary Condition Error
CVE:	CVE-2007-3508
Remote:	Yes
Local:	No
Published:	Jul 03 2007 12:00AM
Updated:	Jul 04 2007 11:07PM
Credit:	Tavis Ormandy of the Gentoo Linux Security Team discovered this issue.
Vulnerable:	GNU glibc 2.3.10 + Debian Linux 2.2 GNU glibc 2.3.4 GNU glibc 2.3.3 + MandrakeSoft apcupsd 2006.0 + MandrakeSoft Linux Mandrake 10.1 x86_64 + MandrakeSoft Linux Mandrake 10.1 + MandrakeSoft Linux Mandrake 10.0 AMD64 + MandrakeSoft Linux Mandrake 10.0 + RedHat Fedora Core2 GNU glibc 2.3.2 + Conectiva Linux 9.0 + RedHat Linux 9.0 i386 + RedHat Linux 8.0 + Trustix Secure Linux 2.0 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 GNU glibc 2.3.1 + Conectiva Linux 9.0 + MandrakeSoft Linux Mandrake 9.1 ppc + MandrakeSoft Linux Mandrake 9.1 + Slackware Linux 9.0 GNU glibc 2.3 GNU glibc 2.2.5 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 + Gentoo Linux 0.7 + Gentoo Linux 0.5 + MandrakeSoft Corporate Server 2.1 x86_64 + MandrakeSoft Corporate Server 2.1 + MandrakeSoft Linux Mandrake 9.0 + RedHat Linux 7.3 i386 + RedHat Linux 7.3 + Slackware Linux 8.1 GNU glibc 2.2.4 + Caldera OpenLinux Server 3.1.1 + Caldera OpenLinux Server 3.1 + Caldera OpenLinux Workstation 3.1.1 + Caldera OpenLinux Workstation 3.1 + Conectiva Linux 8.0 + HP Secure OS software for Linux 1.0 + MandrakeSoft Linux Mandrake 8.2 ppc + MandrakeSoft Linux Mandrake 8.2 + MandrakeSoft Linux Mandrake 8.1 ia64 + MandrakeSoft Linux Mandrake 8.1 + RedHat Enterprise Linux AS 2.1 IA64 + RedHat Enterprise Linux AS 2.1 + RedHat Enterprise Linux ES 2.1 IA64 + RedHat Enterprise Linux ES 2.1 + RedHat Enterprise Linux WS 2.1 IA64 + RedHat Enterprise Linux WS 2.1 + RedHat Linux 7.2 i686 + RedHat Linux 7.2 i386 + RedHat Linux 7.1 ia64 + RedHat Linux 7.1 i686 + RedHat Linux 7.1 i386 + RedHat Linux 7.1 alphaev6 + RedHat Linux 7.1 alpha + RedHat Linux 7.0 alphaev6 + RedHat Linux 7.0 i686 + RedHat Linux 7.0 i386 + RedHat Linux 7.0 alpha + RedHat Linux Advanced Work Station 2.1 + S.u.S.E. Linux 8.0 i386 + S.u.S.E. Linux 8.0 + S.u.S.E. Linux 7.3 sparc + S.u.S.E. Linux 7.3 ppc + S.u.S.E. Linux 7.3 i386 + S.u.S.E. Linux 7.3 + S.u.S.E. Linux Database Server 0 + S.u.S.E. Linux Enterprise Server 7 + S.u.S.E. Linux Enterprise Server for S/390 + S.u.S.E. Linux Firewall on CD + S.u.S.E. SuSE eMail Server III + Sun Linux 5.0.7 + Sun Linux 5.0.6 + Sun Linux 5.0.5 + Sun Linux 5.0.3 + Sun Linux 5.0 GNU glibc 2.2.3 + Conectiva Linux 7.0 GNU glibc 2.2.2 + MandrakeSoft Linux Mandrake 8.0 ppc + MandrakeSoft Linux Mandrake 8.0 + S.u.S.E. Linux 7.2 i386 + S.u.S.E. Linux 7.2 GNU glibc 2.2.1 GNU glibc 2.2 + S.u.S.E. Linux 7.1 x86 + S.u.S.E. Linux 7.1 sparc + S.u.S.E. Linux 7.1 ppc + S.u.S.E. Linux 7.1 alpha + S.u.S.E. Linux 7.1 + Wirex Immunix OS 7+ GNU glibc 2.1.3 -10 + Debian Linux 2.2 GNU glibc 2.1.3 + Conectiva Linux 6.0 + Conectiva Linux 5.1 + Conectiva Linux 5.0 + Conectiva Linux graficas + Conectiva Linux ecommerce + Debian Linux 2.2 sparc + Debian Linux 2.2 powerpc + Debian Linux 2.2 IA-32 + Debian Linux 2.2 arm + Debian Linux 2.2 alpha + Debian Linux 2.2 68k + Debian Linux 2.2 + EnGarde Secure Linux 1.0.1 + HP Secure OS software for Linux 1.0 + MandrakeSoft Corporate Server 1.0.1 + MandrakeSoft Linux Mandrake 7.2 + MandrakeSoft Linux Mandrake 7.1 + MandrakeSoft Single Network Firewall 7.2 + Openwall Openwall GNU/*/Linux 0.1 -stable + RedHat Linux 6.2 sparcv9 + RedHat Linux 6.2 sparc + RedHat Linux 6.2 i386 + RedHat Linux 6.2 alpha + RedHat Linux 6.2 + S.u.S.E. Linux 7.0 sparc + S.u.S.E. Linux 7.0 ppc + S.u.S.E. Linux 7.0 i386 + S.u.S.E. Linux 7.0 alpha + S.u.S.E. Linux 7.0 + S.u.S.E. Linux 6.4 ppc + S.u.S.E. Linux 6.4 i386 + S.u.S.E. Linux 6.4 alpha + S.u.S.E. Linux 6.4 + Trustix Secure Linux 1.5 + Trustix Secure Linux 1.2 + Trustix Secure Linux 1.1 + Trustix Secure Linux 1.0 1 GNU glibc 2.1.2 GNU glibc 2.1.1 -6 + RedHat Linux 6.0 GNU glibc 2.1.1 GNU glibc 2.1 GNU glibc 2.0.6 GNU glibc 2.0.5 GNU glibc 2.0.4 GNU glibc 2.0.3 GNU glibc 2.0.2 GNU glibc 2.0.1 GNU glibc 2.0 GNU glibc 2.5.0 GNU Cfengine 1.2.3 Gentoo Linux
Not Vulnerable: