exploit the possibilities
Showing 1 - 9 of 9 RSS Feed

CVE-2014-0475

Status Candidate

Overview

Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.

Related Files

Gentoo Linux Security Advisory 201602-02
Posted Feb 17, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201602-2 - Multiple vulnerabilities have been found in the GNU C library, the worst allowing for remote execution of arbitrary code. Versions less than 2.21-r2 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-7423, CVE-2014-0475, CVE-2014-5119, CVE-2014-6040, CVE-2014-7817, CVE-2014-8121, CVE-2014-9402, CVE-2015-1472, CVE-2015-1781, CVE-2015-7547, CVE-2015-8776, CVE-2015-8778, CVE-2015-8779
MD5 | 4ae3105bd8ed710ad3f2ffe994f6efdc
Mandriva Linux Security Advisory 2015-168
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-168 - Updated glibc packages fix multiple security vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2012-3406, CVE-2014-0475, CVE-2014-4043, CVE-2014-5119, CVE-2014-6040, CVE-2014-7817, CVE-2014-9402, CVE-2015-1472, CVE-2015-1473
MD5 | b7bc646306e46a1f68447be66b599961
Slackware Security Advisory - glibc Updates
Posted Oct 24, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New glibc packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2012-4412, CVE-2012-4424, CVE-2013-4237, CVE-2013-4458, CVE-2013-4788, CVE-2014-0475, CVE-2014-4043, CVE-2014-5119, CVE-2014-6040
MD5 | cb4f932fa481526a80b99676e459f3f5
Ubuntu Security Notice USN-2306-3
Posted Sep 8, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2306-3 - USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the fix for CVE-2013-4357 introduced a memory leak in getaddrinfo. This update fixes the problem. Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS. It was discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Stephane Chazelas discovered that the GNU C Library incorrectly handled locale environment variables. An attacker could use this issue to possibly bypass certain restrictions such as the ForceCommand restrictions in OpenSSH. David Reid, Glyph Lefkowitz, and Alex Gaynor discovered that the GNU C Library incorrectly handled posix_spawn_file_actions_addopen() path arguments. An attacker could use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability, memory leak
systems | linux, osx, ubuntu
advisories | CVE-2013-4357, CVE-2013-4458, CVE-2014-0475, CVE-2014-4043
MD5 | 7ee5d196174da9ef3887b78945a08eef
Red Hat Security Advisory 2014-1110-01
Posted Aug 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1110-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-0475, CVE-2014-5119
MD5 | e1a981440e7e82e521660ed92023f615
Mandriva Linux Security Advisory 2014-152
Posted Aug 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-152 - Updated glibc packages fix various security issues.

tags | advisory
systems | linux, mandriva
advisories | CVE-2014-0475, CVE-2014-4043
MD5 | ba4ab5ac9e1ceab4b108a88939d64a6b
Ubuntu Security Notice USN-2306-2
Posted Aug 5, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2306-2 - USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS, the security update cause a regression in certain environments that use the Name Service Caching Daemon (nscd), such as those configured for LDAP or MySQL authentication. In these environments, the nscd daemon may need to be stopped manually for name resolution to resume working so that updates can be downloaded, including environments configured for unattended updates. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-4357, CVE-2013-4458, CVE-2014-0475, CVE-2014-4043
MD5 | 9ea9f20931ab38878091da4a533d94e7
Ubuntu Security Notice USN-2306-1
Posted Aug 4, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2306-1 - Maksymilian Arciemowicz discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS. It was discovered that the GNU C Library incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4357, CVE-2013-4458, CVE-2014-0475, CVE-2014-4043
MD5 | 579fa5c25c72e2ab3f95731313197a97
Debian Security Advisory 2976-1
Posted Jul 11, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2976-1 - Stephane Chazelas discovered that the GNU C library, glibc, processed ".." path segments in locale-related environment variables, possibly allowing attackers to circumvent intended restrictions, such as ForceCommand in OpenSSH, assuming that they can supply crafted locale settings.

tags | advisory
systems | linux, debian
advisories | CVE-2014-0475
MD5 | fe20a39ddf3f412e5eda2760d03fef6d
Page 1 of 1
Back1Next

File Archive:

August 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    10 Files
  • 2
    Aug 2nd
    8 Files
  • 3
    Aug 3rd
    2 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    79 Files
  • 7
    Aug 7th
    16 Files
  • 8
    Aug 8th
    10 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    6 Files
  • 12
    Aug 12th
    26 Files
  • 13
    Aug 13th
    15 Files
  • 14
    Aug 14th
    19 Files
  • 15
    Aug 15th
    52 Files
  • 16
    Aug 16th
    11 Files
  • 17
    Aug 17th
    1 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close