It was found that targets using gcc's libssp library for Stack Smashing Protection (among others: Cygwin, MinGW, newlib, RTEMS; but not Glibc, Bionic, NetBSD, which provide SSP in libc) are missing the Object Size Checking feature, even when it is explicitly requested with _FORTIFY_SOURCE. Vulnerable binaries compiled against such targets do not benefit from this protection, which increases the chances of success of a buffer overflow attack.
Find out more about CVE-2016-4973 from the MITRE CVE dictionary and NIST NVD.
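One way to confirm whether Object Size Checking took effect in a build is to look in the binary's symbol list for the size-checked `__<name>_chk` calls that GCC emits for fortified functions. The script below is an added example, not part of the advisory; the name `fortify_report`, the function subset and both `nm` listings are constructed for illustration.

```python
# Functions GCC can redirect to a size-checked __<name>_chk variant when
# Object Size Checking is active (illustrative subset, not exhaustive).
FORTIFIABLE = {
    "memcpy", "memmove", "memset", "strcpy", "strncpy", "strcat",
    "strncat", "sprintf", "snprintf", "vsprintf", "vsnprintf", "gets",
}
SSP_SYMBOLS = {"stack_chk_fail", "stack_chk_guard"}


def fortify_report(nm_output):
    """Summarise SSP and fortify evidence found in `nm` text output."""
    checked, unchecked, ssp = set(), set(), False
    for line in nm_output.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        # Drop ELF version suffixes (@GLIBC_...) and leading underscores
        # (some PE/COFF targets prepend an extra one).
        base = parts[-1].split("@")[0].lstrip("_")
        if base in SSP_SYMBOLS:
            ssp = True
        elif base.endswith("_chk") and base[:-4] in FORTIFIABLE:
            checked.add(base[:-4])
        elif base in FORTIFIABLE:
            unchecked.add(base)
    if checked:
        verdict = "checked-calls-present"
    elif unchecked:
        verdict = "no-checked-calls"   # SSP may be on while OSC is absent
    else:
        verdict = "nothing-to-check"
    return {"ssp": ssp, "checked": sorted(checked),
            "unchecked": sorted(unchecked), "verdict": verdict}


# Constructed listings (not captured from real builds).
LIBC_SSP_BUILD = """\
                 U __memcpy_chk@GLIBC_2.3.4
                 U __stack_chk_fail@GLIBC_2.4
                 U strlen@GLIBC_2.2.5
0000000000001139 T main
"""
LIBSSP_BUILD = """\
00401460 T _main
         U ___stack_chk_fail
         U _memcpy
         U _strcpy
"""

if __name__ == "__main__":
    for label, listing in (("libc SSP", LIBC_SSP_BUILD), ("libssp", LIBSSP_BUILD)):
        print(label, fortify_report(listing))
```

A `no-checked-calls` result is a prompt to inspect the build flags and headers, not proof: a fortified build also leaves a call unchecked when the compiler cannot determine the destination size.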
NOTE: The following CVSS v3 metrics and score are preliminary and subject to review.

CVSS3 Base Score | 3.6 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N |
Attack Vector | Local |
Attack Complexity | Low |
Privileges Required | None |
User Interaction | Required |
Scope | Changed |
Confidentiality | None |
Integrity Impact | Low |
Availability Impact | None |

Platform | Package | State |
---|---|---|
Red Hat Enterprise Linux 7 | compat-gcc-32 | Not affected |
Red Hat Enterprise Linux 7 | compat-gcc-44 | Not affected |
Red Hat Enterprise Linux 7 | compat-gcc-34 | Not affected |
Red Hat Enterprise Linux 7 | gcc | Not affected |
Red Hat Enterprise Linux 6 | gcc | Not affected |
Red Hat Enterprise Linux 6 | compat-gcc-296 | Not affected |
Red Hat Enterprise Linux 6 | compat-gcc-295 | Not affected |
Red Hat Enterprise Linux 6 | compat-gcc-32 | Not affected |
Red Hat Enterprise Linux 6 | compat-gcc-34 | Not affected |
Red Hat Enterprise Linux 5 | compat-gcc-34 | Not affected |
Red Hat Enterprise Linux 5 | gcc | Not affected |
Red Hat Enterprise Linux 5 | compat-gcc-32 | Not affected |
Red Hat Enterprise Linux 5 | gcc44 | Not affected |
Red Hat Enterprise Linux 5 | compat-gcc-296 | Not affected |
Red Hat Enterprise Linux 5 | compat-gcc-295 | Not affected |