Date: Sat, 3 Jan 2015 17:19:16 -0500 (EST) From: cve-assign@...re.org To: Moritz Mühlenhoff <jmm@...til.org> cc: oss-security@...ts.openwall.com, cve-assign@...re.org, Fiedler Roman <Roman.Fiedler@....ac.at>, security@...ntu.com Subject: Re: parse_datetime() bug in coreutils On Mon, 29 Dec 2014, Moritz Mühlenhoff wrote: > On Mon, Nov 24, 2014 at 06:47:24PM -0800, Seth Arnold wrote: >> Hello, >> >> Fiedler Roman discovered that coreutils' parse_datetime() function >> has some flaws that may be exploitable if the date(1), touch(1), >> or potentially other programs, accept untrusted input for certain >> parameters. While researching this issue, he discovered that it >> was independantly discovered by Bertrand Jacquin and reported at >> http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872 >> >> $ touch '--date=TZ="123"345" @1' >> Segmentation fault (core dumped) >> $ date '--date=TZ="123"345" @1' >> *** Error in `date': double free or corruption (out): 0x00007fffc9866c20 *** >> Aborted (core dumped) >> $ >> >> The GNU bugtracker has this patch to fix the problem: >> http://debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872 >> and this patch to include the fix in coreutils and a small test case: >> http://debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872 >> >> Can a CVE please be assigned for this issue. Use CVE-2014-9471. --- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.