It was found that targets using gcc's libssp library for Stack Smashing Protection (among others: Cygwin, MinGW, newlib, RTEMS; but not Glibc, Bionic, NetBSD which provide SSP in libc), are missing the Object Size Checking feature, even when explicitly requested with _FORTIFY_SOURCE. Vulnerable binaries compiled against such targets do not benefit of such protection, increasing the chances of success of a buffer overflow attack.
Find out more about CVE-2016-4973 from the MITRE CVE dictionary dictionary and NIST NVD.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 3.6 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N |
| Attack Vector | Local |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Changed |
| Confidentiality | None |
| Integrity Impact | Low |
| Availability Impact | None |
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 7 | compat-gcc-32 | Not affected |
| Red Hat Enterprise Linux 7 | compat-gcc-44 | Not affected |
| Red Hat Enterprise Linux 7 | compat-gcc-34 | Not affected |
| Red Hat Enterprise Linux 7 | gcc | Not affected |
| Red Hat Enterprise Linux 6 | gcc | Not affected |
| Red Hat Enterprise Linux 6 | compat-gcc-296 | Not affected |
| Red Hat Enterprise Linux 6 | compat-gcc-295 | Not affected |
| Red Hat Enterprise Linux 6 | compat-gcc-32 | Not affected |
| Red Hat Enterprise Linux 6 | compat-gcc-34 | Not affected |
| Red Hat Enterprise Linux 5 | compat-gcc-34 | Not affected |
| Red Hat Enterprise Linux 5 | gcc | Not affected |
| Red Hat Enterprise Linux 5 | compat-gcc-32 | Not affected |
| Red Hat Enterprise Linux 5 | gcc44 | Not affected |
| Red Hat Enterprise Linux 5 | compat-gcc-296 | Not affected |
| Red Hat Enterprise Linux 5 | compat-gcc-295 | Not affected |
Vulmon