GNU GCC 4.1 ‘stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c’ Buffer Overflow Vulnerability

Summary

stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.

Credit:

The information has been provided by Thomas
The original article can be found at: https://www.gnu.org/software/gcc/gcc-8/changes.html


Details

GNU GCC is prone to an overflow vulnerability. This allows remote attackers to execute arbitrary code via crafted packets and cause a denial of service (memory corruption).

Vulnerable Systems:

  • GNU GCC 4.1
  • GNU GCC 4.1.1
  • GNU GCC 4.1.2
  • GNU GCC 4.2.0
  • GNU GCC 4.2.1
  • GNU GCC 4.2.2
  • GNU GCC 4.2.3
  • GNU GCC 4.2.4
  • GNU GCC 4.3.0
  • GNU GCC 4.3.1
  • GNU GCC 4.3.2
  • GNU GCC 4.3.3
  • GNU GCC 4.3.4
  • GNU GCC 4.3.5
  • GNU GCC 4.3.6
  • GNU GCC 4.4.0
  • GNU GCC 4.4.1
  • GNU GCC 4.4.2
  • GNU GCC 4.4.3
  • GNU GCC 4.4.4
  • GNU GCC 4.4.5
  • GNU GCC 4.4.6
  • GNU GCC 4.4.7
  • GNU GCC 5.0
  • GNU GCC 5.1
  • GNU GCC 5.2
  • GNU GCC 5.3
  • GNU GCC 5.4
  • GNU GCC 6
  • GNU GCC 6.0
  • GNU GCC 4.6.1
  • GNU GCC 4.6.2
  • GNU GCC 4.6.3
  • GNU GCC 4.6.4
  • GNU GCC 4.7
  • GNU GCC 4.7.0
  • GNU GCC 4.7.1
  • GNU GCC 4.7.2
  • GNU GCC 4.7.3
  • GNU GCC 4.7.4
  • GNU GCC 4.8
  • GNU GCC 4.8.0
  • GNU GCC 4.8.1
  • GNU GCC 4.8.2
  • GNU GCC 4.8.3
  • GNU GCC 4.8.4
  • GNU GCC 4.8.5
  • GNU GCC 4.9
  • GNU GCC 4.9.0
  • GNU GCC 4.9.1
  • GNU GCC 4.9.2
  • GNU GCC 4.9.3
  • GNU GCC 4.9.4
  • GNU GCC 5.5
  • GNU GCC 6.1
  • GNU GCC 6.2
  • GNU GCC 6.3
  • GNU GCC 6.5
  • GNU GCC 7.2
  • GNU GCC 7.3
  • GNU GCC 7.4
  • GNU GCC 8.0
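
A triage check for the version range and target named in the summary, as an added example that is not part of the original advisory: it flags GCC drivers whose `-dumpversion` and `-dumpmachine` output falls in "4.1 through 8" on an ARM triple. Treating triples that start with `arm` as the ARM targets, and every 8.x release as in range, are assumptions; a match means the toolchain deserves review, since the summary limits the flaw to certain circumstances.

```shell
#!/bin/sh
# Added triage example, not part of the advisory.
# is_affected VERSION TRIPLE
#   returns 0 if GCC VERSION targeting TRIPLE is in the advisory's range
#   (GCC 4.1 through 8, ARM targets), 1 if not, 2 if VERSION cannot be parsed.
# Assumptions: triples starting with "arm" are the "ARM targets"; every 8.x
# release counts as "8", since the advisory names no fixed version.
is_affected() {
    version=$1
    triple=$2
    case $triple in
        arm*) ;;
        *) return 1 ;;
    esac
    major=${version%%.*}
    rest=${version#*.}
    # "gcc -dumpversion" may print only the major number (for example "8").
    if [ "$rest" = "$version" ]; then minor=0; else minor=${rest%%.*}; fi
    case $major in ''|*[!0-9]*) return 2 ;; esac
    case $minor in ''|*[!0-9]*) return 2 ;; esac
    if [ "$major" -eq 4 ] && [ "$minor" -ge 1 ]; then return 0; fi
    if [ "$major" -ge 5 ] && [ "$major" -le 8 ]; then return 0; fi
    return 1
}

# check_compiler CC: query a compiler driver and report the verdict.
check_compiler() {
    cc=$1
    # clang also answers -dumpversion, so rule it out before trusting the number.
    if "$cc" --version 2>/dev/null | grep -qi clang; then
        echo "$cc: not GCC, skipped"
        return 0
    fi
    ver=$("$cc" -dumpversion 2>/dev/null) || { echo "$cc: cannot run"; return 2; }
    tgt=$("$cc" -dumpmachine 2>/dev/null) || { echo "$cc: cannot run"; return 2; }
    rc=0
    is_affected "$ver" "$tgt" || rc=$?
    case $rc in
        0) echo "$cc: GCC $ver for $tgt is in the advisory's range" ;;
        1) echo "$cc: GCC $ver for $tgt is outside the advisory's range" ;;
        *) echo "$cc: could not parse version '$ver'" ;;
    esac
    return "$rc"
}

# Run against any compiler names given on the command line.
for cc in "$@"; do
    check_compiler "$cc" || true
done
```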

CVE Information:
CVE-2018-12886

Disclosure Timeline:
Publish Date: 05/22/2019
