Date: Thu, 10 Jul 2014 15:09:30 -0400
From: Rich Felker <dalias@...c.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2014-0475: glibc directory traversal in LC_*
 locale handling

On Thu, Jul 10, 2014 at 08:52:24PM +0200, Florian Weimer wrote:
> Stephane Chazelas discovered that directory traversal issue in locale
> handling in glibc.  glibc accepts relative paths with ".." components
> in the LC_* and LANG variables.  Together with typical OpenSSH
> configurations (with suitable AcceptEnv settings in sshd_config), this
> could conceivably be used to bypass ForceCommand restrictions (or
> restricted shells), assuming the attacker has sufficient level of
> access to a file system location on the host to create crafted locale
> definitions there.

Am I correct in assuming this affects most typical git setups (e.g.
gitolite) using ssh authorized_keys files with forced commands, where
the malicious file could simply be created as part of the git
repository? Or are these usually set up to filter the environment?

Rich
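
On the question of filtering the environment, this is a sketch of what a forced-command wrapper could do before it runs the real command. It is an added example, not code from this thread, glibc, OpenSSH or gitolite. The function names and the rule of dropping any LANG, LANGUAGE or LC_* value that contains "/" or ".." are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): scrub client-supplied locale
# variables inside a ForceCommand / authorized_keys command="..." wrapper.
# Assumption: a value containing "/" or ".." is treated as a path and
# dropped. This is a conservative rule chosen for the example.

# Return 0 if the value looks like a plain locale name, 1 if it looks
# like a path (contains a slash or a ".." sequence).
is_safe_locale() {
    case "$1" in
        */*|*..*) return 1 ;;
        *)        return 0 ;;
    esac
}

# Unset LANG, LANGUAGE and every LC_* variable whose value fails the check.
# The names that were removed are left in the global SCRUBBED for logging.
# Call this directly, not in $(...), or the unset happens in a subshell.
scrub_locale_env() {
    SCRUBBED=""
    # Only names matching LC_[A-Z_]* are taken from env, so the eval below
    # never sees anything but a well-formed variable name.
    for name in LANG LANGUAGE $(env | sed -n 's/^\(LC_[A-Z_]*\)=.*/\1/p'); do
        eval "val=\${$name-}"
        if ! is_safe_locale "$val"; then
            unset "$name"
            SCRUBBED="$SCRUBBED $name"
        fi
    done
    SCRUBBED="${SCRUBBED# }"
}

# In a wrapper script: call scrub_locale_env first, log $SCRUBBED if it is
# not empty, then exec the real forced command.
```

Filtering in a wrapper only helps if nothing that calls setlocale() runs before it; narrowing AcceptEnv in sshd_config removes the input earlier.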
