CVE-2007-3508

Publication date 3 July 2007

Last updated 24 July 2024

Ubuntu priority

** DISPUTED ** Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
glibc	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Fixed 2.6.1-1ubuntu8
	7.04 feisty	Ignored end of life, was needed
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Ignored end of life

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

upstream believes this to be unexploitable

References

MITRE
NVD
Launchpad
Debian

Other references

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=431858
https://www.cve.org/CVERecord?id=CVE-2007-3508