Gnu c Library Security Restriction Bypass Vulnerability (CVE-2015-8777)
Gnu c Library Security Restriction Bypass Vulnerability (CVE-2015-8777)
Release date:
Updated on:
Affected Systems:
Gnu c Library (glibc) <2.23
Description:
CVE (CAN) ID: CVE-2015-8777
Glibc is the libc library released by GNU, that is, the c Runtime Library. Glibc is the most underlying api in linux, and almost any other Runtime Library depends on glibc.
In versions earlier than gnu c Library (glibc or libc6) 2.23, process_envvars, a function in elf/rtld. c, has a security vulnerability. Using the zero value in the LD_POINTER_GUARD environment variable, local users can exploit this vulnerability to bypass the pointer protection mechanism.
<* Source: Ismael Ripoll
*>
Suggestion:
Vendor patch:
GNU
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://sourceware.org/bugzilla/show_bug.cgi? Id = 18928
This article permanently updates the link address: