Date: Thu, 10 Jul 2014 20:52:24 +0200 From: Florian Weimer <fw@...eb.enyo.de> To: oss-security@...ts.openwall.com Subject: CVE-2014-0475: glibc directory traversal in LC_* locale handling Stephane Chazelas discovered that directory traversal issue in locale handling in glibc. glibc accepts relative paths with ".." components in the LC_* and LANG variables. Together with typical OpenSSH configurations (with suitable AcceptEnv settings in sshd_config), this could conceivably be used to bypass ForceCommand restrictions (or restricted shells), assuming the attacker has sufficient level of access to a file system location on the host to create crafted locale definitions there. Bug report: https://sourceware.org/bugzilla/show_bug.cgi?id=17137 Git commits: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d183645616b Related alloca hardening (technically not covered by the CVE assignment) https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4e8f95a0df7 Actual fix https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=58536726692 Documentation updates (To backport the new test in a reliable fashion, you need to tweak the Makefile to set the LOCPATH environment variable.)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ