CVE-2014-5119
Published: 26 August 2014
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
Notes
Author | Note |
---|---|
jdstrand | per researcher (Chris Evans), a path with an even number of characters to the gconv/ directory makes his exploit harmless. This happens to be true on Ubuntu with multiarch on 12.04 LTS and higher on amd64 and i386. Ubuntu 10.04 LTS and armhf on all supported releases has an odd path length. There are likely other ways to exploit on Ubuntu. eglibc on 14.10 exists but is scheduled to be removed the severity was bumped from medium to high once additional research was revealed on 2014-08-26 (marked PublicDateAtUSN accordingly). There are no known active exploits against Ubuntu as of 2014-08-28, but they will likely be available soon. |
Priority
Status
Package | Release | Status |
---|---|---|
eglibc Launchpad, Ubuntu, Debian |
lucid |
Released
(2.11.1-0ubuntu7.16)
|
precise |
Released
(2.15-0ubuntu10.7)
|
|
trusty |
Released
(2.19-0ubuntu6.3)
|
|
upstream |
Needed
|
|
glibc Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needed
|
|
Patches: upstream: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=patch;h=a1a6a401ab0a3c9f15fb7eaebbdcee24192254e8 |
References
- http://seclists.org/oss-sec/2014/q3/145
- http://www.openwall.com/lists/oss-security/2014/07/14/2
- http://www.openwall.com/lists/oss-security/2014/08/13/5
- http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
- http://www.openwall.com/lists/oss-security/2014/08/26/2
- https://ubuntu.com/security/notices/USN-2328-1
- https://www.cve.org/CVERecord?id=CVE-2014-5119
- NVD
- Launchpad
- Debian