Date: Thu, 10 Jul 2014 20:52:24 +0200 From: Florian Weimer <fw@...eb.enyo.de> To: oss-security@...ts.openwall.com Subject: CVE-2014-0475: glibc directory traversal in LC_* locale handling Stephane Chazelas discovered that directory traversal issue in locale handling in glibc. glibc accepts relative paths with ".." components in the LC_* and LANG variables. Together with typical OpenSSH configurations (with suitable AcceptEnv settings in sshd_config), this could conceivably be used to bypass ForceCommand restrictions (or restricted shells), assuming the attacker has sufficient level of access to a file system location on the host to create crafted locale definitions there. Bug report: https://sourceware.org/bugzilla/show_bug.cgi?id=17137 Git commits: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d183645616b Related alloca hardening (technically not covered by the CVE assignment) https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4e8f95a0df7 Actual fix https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=58536726692 Documentation updates (To backport the new test in a reliable fashion, you need to tweak the Makefile to set the LOCPATH environment variable.)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.