We have received a report of potential vulnerabilities in the BreachDetector solution as listed below:
Risk Value - M3
Issue Description - Missing Fortified Functions
Details - This finding is for Android. The shared object does not have any fortified functions. Fortified functions provide buffer overflow checks against glibc's commons insecure functions like strcpy, gets etc. The affected libraries are:
armeabi-v7a/libtool-checker.so
armeabi-v7a/libanti.so
arm64-v8a/libtool-checker.so
arm64-v8a/libanti.so
Recommendation - Use the compiler option -D_FORTIFY_SOURCE=2 to fortify functions
We have received a report of potential vulnerabilities in the BreachDetector solution as listed below:
Risk Value - M3
Issue Description - Missing Fortified Functions
Details - This finding is for Android. The shared object does not have any fortified functions. Fortified functions provide buffer overflow checks against glibc's commons insecure functions like strcpy, gets etc. The affected libraries are:
armeabi-v7a/libtool-checker.so
armeabi-v7a/libanti.so
arm64-v8a/libtool-checker.so
arm64-v8a/libanti.so
Recommendation - Use the compiler option -D_FORTIFY_SOURCE=2 to fortify functions