Articles with tag: Debian
POSTED BY: Dimitrios Glynos / 21.01.2009

Static SSP canary in Debian libc6

CENSUS ID:CENSUS-2009-0001
Affected Products:All SSP-armoured applications, statically or dynamically linked against the libc6 library (versions ≤ 2.7) provided by the Debian GNU/Linux project.
Class:Degraded performance of security mechanism due to misconfiguration.
Discovered by:Dimitris Glynos

We have found that Debian packages of the GNU libc library (versions prior to and including 2.7) provide a static (i.e. guessable) canary value to all applications armoured with the gcc SSP mechanism.