Date: Thu, 14 Aug 2014 14:08:16 +0100
From: John Haxby <>
Subject: Re: Re: [CVE Request] glibc iconv_open buffer overflow
 (was: Re: Re: glibc locale issues)

On 13/08/14 07:01, wrote:
>>> iconv/gconv_charset.h:strip() normalizes the transliteration argument to
>>> iconv_open, so the resulting file names follow a particular pattern, and
>>> there cannot be enough slashes to ascend to a writable directory.
>>>> if not maybe the one byte overflow is still exploitable.
>>> Hmm.  How likely is that?  It overflows into malloc metadata, and the
>>> glibc malloc hardening should catch that these days.
>> Not necessarily on 32-bit architectures, so I agree with Tavis now, and
>> we need a CVE.  The upstream bug is:
>>    <>
> Use CVE-2014-5119. A CVE-2005-#### number isn't needed because the
> msg00091.html message (referenced in 17187) does not state any
> security implications.

That's correct.  Neither I nor any of the readers of my original bug
report commented on any possible security implications.  (Mind you, in
2005 I was probably a little more naïve.)
