Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 13 Aug 2014 02:01:55 -0400 (EDT)
From: cve-assign@...re.org
To: fweimer@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: [CVE Request] glibc iconv_open buffer overflow (was: Re: Re: glibc locale issues)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>> iconv/gconv_charset.h:strip() normalizes the transliteration argument to
>> iconv_open, so the resulting file names follow a particular pattern, and
>> there cannot be enough slashes to ascend to a writable directory.
>>
>>> if not maybe the one byte overflow is still exploitable.
>>
>> Hmm.  How likely is that?  It overflows in to malloc metadata, and the
>> glibc malloc hardening should catch that these days.
>
> Not necessarily on 32-bit architectures, so I agree with Tavis now, and
> we need a CVE.  The upstream bug is:
>
>    <https://sourceware.org/bugzilla/show_bug.cgi?id=17187>

Use CVE-2014-5119. A CVE-2005-#### number isn't needed because the
msg00091.html message (referenced in 17187) does not state any
security implications.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJT6v7uAAoJEKllVAevmvmseTkIAMfWM1+WNFXL0zj5YmVAbl6e
VzXYStCQinR6ilSaFQE52uar5CagHTcEXlvsOMgyB+SgVKDFNjlb4ClSdXIrJsPN
CNVnG2kBwPMIYKYoddVk+wor4+HzhGfBMb9x59UzWFgyjtjo8oNL5rIIlVV06ta2
nX8MD4sk8b0aT0cNiahw59iH0raeGcvoGEJE9xweOTd9OU5psJUr3tw1qOXBTPTz
uX8HJ8rWnxDEzFsAy4/qkNLAutoxwx0NXJgKul+xP5Tgg2KkdUWhu2rPm8Kb5swe
v4IFlq8/TmItAClFdrGBv3/NwaGNubrfthEG0t7uuVQKy4FIIkVOvks7M98h1Ug=
=B7sS
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ