Glibc Directory Traversal in Processing LC_* Environment Variables May Let Local Users Gain Elevated Privileges
|
SecurityTracker Alert ID: 1030569 |
SecurityTracker URL: http://securitytracker.com/id/1030569
|
CVE Reference:
CVE-2014-0475
(Links to External Site)
|
Date: Jul 15 2014
|
Impact:
Execution of arbitrary code via local system, User access via local system
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in Glibc. A local user can obtain elevated privileges on the target system.
A local user can set arbitrary locales in certain LC_* environment variables and then execute a local program to exploit a directory traversal flaw in the processing of paths and potentially load and execute arbitrary code with the privileges of the local program.
The vendor has assigned bug ID 17137 to this vulnerability.
Stephane Chazelas reported this vulnerability.
|
Impact:
A local user can obtain elevated privileges on the target system.
|
Solution:
The vendor has issued a source code fix, available at:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4e8f95a0df7
|
Vendor URL: www.gnu.org/software/libc/ (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS: Linux (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|