Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Xcode | Apple | * | 6.2 (including) |
| Llvm | Ubuntu | lucid | * |
| Llvm-toolchain-3.3 | Ubuntu | precise | * |
| Llvm-toolchain-3.3 | Ubuntu | trusty | * |
| Llvm-toolchain-3.3 | Ubuntu | utopic | * |
| Llvm-toolchain-3.4 | Ubuntu | precise | * |
| Llvm-toolchain-3.4 | Ubuntu | trusty | * |
| Llvm-toolchain-3.4 | Ubuntu | utopic | * |
| Llvm-toolchain-3.4 | Ubuntu | vivid | * |
| Llvm-toolchain-3.4 | Ubuntu | wily | * |
| Llvm-toolchain-3.5 | Ubuntu | esm-apps/xenial | * |
| Llvm-toolchain-3.5 | Ubuntu | utopic | * |
| Llvm-toolchain-3.5 | Ubuntu | vivid | * |
| Llvm-toolchain-3.5 | Ubuntu | wily | * |
| Llvm-toolchain-3.5 | Ubuntu | xenial | * |
| Llvm-toolchain-3.5 | Ubuntu | yakkety | * |
| Llvm-toolchain-3.6 | Ubuntu | esm-infra-legacy/trusty | * |
| Llvm-toolchain-3.6 | Ubuntu | esm-infra/xenial | * |
| Llvm-toolchain-3.6 | Ubuntu | trusty | * |
| Llvm-toolchain-3.6 | Ubuntu | trusty/esm | * |
| Llvm-toolchain-3.6 | Ubuntu | utopic | * |
| Llvm-toolchain-3.6 | Ubuntu | vivid | * |
| Llvm-toolchain-3.6 | Ubuntu | vivid/stable-phone-overlay | * |
| Llvm-toolchain-3.6 | Ubuntu | wily | * |
| Llvm-toolchain-3.6 | Ubuntu | xenial | * |
| Llvm-toolchain-3.6 | Ubuntu | yakkety | * |
| Llvm-toolchain-snapshot | Ubuntu | trusty | * |
References
- http://lists.apple.com/archives/security-announce/2015/Apr/msg00004.html
- http://www.securityfocus.com/bid/73987
- http://www.securitytracker.com/id/1032081
- https://support.apple.com/HT204663
- http://lists.apple.com/archives/security-announce/2015/Apr/msg00004.html
- http://www.securityfocus.com/bid/73987
- http://www.securitytracker.com/id/1032081
- https://support.apple.com/HT204663