Bugzilla – Bug 834594
VUL-1: CVE-2013-4237: glibc: Buffer overwrite - NAME_MAX not enforced by readdir_r()
Last modified: 2014-09-18 05:21:23 UTC
Public via oss-security.

Date: Sun, 11 Aug 2013 09:05:07 -0400 (EDT)
From: Jan Lieskovsky
Subject: [oss-security] CVE Request -- glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters

An out-of buffer bounds write flaw was found in the way readdir_r() routine of glibc, the collection of GNU libc libraries, used to handle file system entry when its name was longer than NAME_MAX characters constant, defined by Linux kernel (readdir_r() used to put content of the directory read into application's allocated buffer, possibly [NTFS or CIFS filesystems for example] leading to application's buffer overwrite). A remote-attacker could provide a specially-crafted NTFS or CIFS image that, when processed in an application using the readdir_r() functionality, would lead to that application crash or, potentially, arbitrary code execution with the privileges of the user running the application.

This issue was found by Florian Weimer of Red Hat Product Security Team.

Upstream bug report:
[1] http://sourceware.org/bugzilla/show_bug.cgi?id=14699

Latest patch proposal:
[2] http://sourceware.org/ml/libc-alpha/2013-05/msg00445.html

References:
[3] https://bugzilla.redhat.com/show_bug.cgi?id=995839

------

Assigned CVE-2013-4237.
This is an autogenerated message for OBS integration: This bug (834594) was mentioned in https://build.opensuse.org/request/show/186878 Factory / glibc
bugbot adjusting priority
Florian Weimer on oss-sec: Thanks. The upstream commit is: http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=91ce408
The SWAMPID for this issue is 54298. This issue was rated as low. Please submit fixed packages until 2013-09-26. Also create a patchinfo file using this link: https://swamp.suse.de/webswamp/wf/54298
openSUSE-SU-2013:1510-1: An update that solves 6 vulnerabilities and has 5 fixes is now available. Category: security (moderate) Bug References: 779320,801246,805054,813121,813306,819383,819524,824046,830257,834594,839870 CVE References: CVE-2012-4412,CVE-2013-0242,CVE-2013-1914,CVE-2013-2207,CVE-2013-4237,CVE-2013-4332 Sources used: openSUSE 12.3 (src): glibc-2.17-4.7.1, glibc-testsuite-2.17-4.7.2, glibc-testsuite-2.17-4.7.3, glibc-utils-2.17-4.7.1
Update released for: glibc, glibc-32bit, glibc-debuginfo, glibc-debuginfo-32bit, glibc-debuginfo-64bit, glibc-debuginfo-x86, glibc-debugsource, glibc-devel, glibc-devel-32bit, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-locale-32bit, glibc-locale-x86, glibc-obsolete, glibc-profile, glibc-profile-32bit, glibc-profile-x86, glibc-x86, nscd Products: SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP2 (i386, x86_64) SLE-SDK 11-SP2 (i386, x86_64) SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP2 (i386, x86_64)
Update released for: glibc, glibc-32bit, glibc-debuginfo, glibc-debuginfo-32bit, glibc-debuginfo-64bit, glibc-debuginfo-x86, glibc-debugsource, glibc-devel, glibc-devel-32bit, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-locale-32bit, glibc-locale-x86, glibc-obsolete, glibc-profile, glibc-profile-32bit, glibc-profile-x86, glibc-x86, nscd Products: SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP3 (i386, x86_64) SLE-SDK 11-SP3 (i386, x86_64) SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP3 (i386, x86_64)
The SWAMPID for this issue is 55384. This issue was rated as moderate. Please submit fixed packages until 2013-12-24. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Update released for: glibc, glibc-devel, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-profile, nscd, timezone Products: SUSE-CORE 9-SP3-TERADATA (x86_64)
Update released for: glibc, glibc-32bit, glibc-dceext, glibc-dceext-32bit, glibc-dceext-devel, glibc-debuginfo, glibc-devel, glibc-devel-32bit, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-locale-32bit, glibc-obsolete, glibc-profile, glibc-profile-32bit, nscd Products: SLE-SERVER 10-SP3-TERADATA (x86_64)
Update released for: glibc, glibc-32bit, glibc-debuginfo, glibc-debugsource, glibc-devel, glibc-devel-32bit, glibc-html, glibc-i18ndata, glibc-info, glibc-locale, glibc-locale-32bit, glibc-obsolete, glibc-profile, glibc-profile-32bit, nscd Products: SLE-SERVER 11-SP1-TERADATA (x86_64)
released
Affected packages: SLE-10-SP3: glibc.i686
SUSE-SU-2014:1119-1: An update that solves three vulnerabilities and has four fixes is now available. Category: security (important) Bug References: 772242,779320,818630,828235,828637,834594,892073 CVE References: CVE-2012-4412,CVE-2013-4237,CVE-2014-5119 Sources used: SUSE Linux Enterprise Server 10 SP4 LTSS (src): glibc-2.4-31.111.1
SUSE-SU-2014:1122-1: An update that solves 7 vulnerabilities and has 6 fixes is now available. Category: security (important) Bug References: 750741,779320,801246,830268,834594,836746,839870,843735,864081,882600,883022,886416,892073 CVE References: CVE-2012-4412,CVE-2013-0242,CVE-2013-4237,CVE-2013-4332,CVE-2013-4788,CVE-2014-4043,CVE-2014-5119 Sources used: SUSE Linux Enterprise Server 11 SP1 LTSS (src): glibc-2.11.1-0.58.1
SUSE-SU-2014:1128-1: An update that solves 6 vulnerabilities and has 5 fixes is now available. Category: security (important) Bug References: 779320,801246,824639,834594,839870,842291,860501,882600,892073,894553,894556 CVE References: CVE-2012-4412,CVE-2013-0242,CVE-2013-4237,CVE-2013-4332,CVE-2014-4043,CVE-2014-5119 Sources used: SUSE Linux Enterprise Server 10 SP3 LTSS (src): glibc-2.4-31.77.112.1