exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 9 of 9 RSS Feed

CVE-2014-5119

Status Candidate

Overview

Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.

Related Files

Gentoo Linux Security Advisory 201602-02
Posted Feb 17, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201602-2 - Multiple vulnerabilities have been found in the GNU C library, the worst allowing for remote execution of arbitrary code. Versions less than 2.21-r2 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-7423, CVE-2014-0475, CVE-2014-5119, CVE-2014-6040, CVE-2014-7817, CVE-2014-8121, CVE-2014-9402, CVE-2015-1472, CVE-2015-1781, CVE-2015-7547, CVE-2015-8776, CVE-2015-8778, CVE-2015-8779
SHA-256 | 7fb31d7914b4d8d365ed0e55052ae4ab9788d37ba1146e4a9261c90a46a215e4
Mandriva Linux Security Advisory 2015-168
Posted Mar 31, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-168 - Updated glibc packages fix multiple security vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2012-3406, CVE-2014-0475, CVE-2014-4043, CVE-2014-5119, CVE-2014-6040, CVE-2014-7817, CVE-2014-9402, CVE-2015-1472, CVE-2015-1473
SHA-256 | 0412f59ba60e6f3546c153206b4f490e8e4d6187358607bb442d3ffcaa511903
Slackware Security Advisory - glibc Updates
Posted Oct 24, 2014
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New glibc packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2012-4412, CVE-2012-4424, CVE-2013-4237, CVE-2013-4458, CVE-2013-4788, CVE-2014-0475, CVE-2014-4043, CVE-2014-5119, CVE-2014-6040
SHA-256 | f465530a54da7d5a528f544b46d30ac71a8e33c13da9a2e12a12020d9888fad7
Mandriva Linux Security Advisory 2014-175
Posted Sep 8, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-175 - When converting IBM930 code with iconv(), if IBM930 code which includes invalid multibyte character 0xffff is specified, then iconv() segfaults. Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library allows context-dependent attackers to cause a denial of service or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules. Crashes were reported in the IBM code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364). The updated packages have been patched to correct these issues.

tags | advisory, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2012-6656, CVE-2014-5119, CVE-2014-6040
SHA-256 | f3306f4d40c605cd5282642a6815dd2da169dca7f32fb2e4796c7ec5dcb10aa7
Red Hat Security Advisory 2014-1118-01
Posted Sep 2, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1118-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-5119
SHA-256 | 7fca1af74122ae5f8f810bdf1a8f77314889651cb17c53f6c538685a4e6f6ab2
Ubuntu Security Notice USN-2328-1
Posted Aug 29, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2328-1 - Tavis Ormandy and John Haxby discovered that the GNU C Library contained an off-by-one error when performing transliteration module loading. A local attacker could exploit this to gain administrative privileges. USN-2306-1 fixed vulnerabilities in the GNU C Library. On Ubuntu 10.04 LTS and Ubuntu 12.04 LTS the security update for CVE-2014-0475 caused a regression with localplt on PowerPC. This update fixes the problem. Various other issues were also addressed.

tags | advisory, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-5119
SHA-256 | ba67695dc9b003222520566f863135bb43e18212d94c36bfac54afb17dbc0f23
Red Hat Security Advisory 2014-1110-01
Posted Aug 29, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1110-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An off-by-one heap-based buffer overflow flaw was found in glibc's internal __gconv_translit_find() function. An attacker able to make an application call the iconv_open() function with a specially crafted argument could possibly use this flaw to execute arbitrary code with the privileges of that application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-0475, CVE-2014-5119
SHA-256 | 546be34b84eb08e6ac3baa3ac0e66b3bfb9668ca3a749ee7e0b2cf5eb2d3a2e3
Debian Security Advisory 3012-1
Posted Aug 27, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3012-1 - Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian's version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversation functions could achieve arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2014-5119
SHA-256 | 1fda609b5a3bc772a28814203d914f8516efd24910c2e122c8383a3dc3d5a4dd
glibc __gconv_translit_find() Privilege Escalation
Posted Aug 26, 2014
Authored by Chris Evans, Tavis Ormandy

glibc __gconv_translit_find() single-fixed-byte heap metadata overflow local root exploit for Fedora 20 32-bit. This issue is not specific to Fedora, but the proof of concept is specifically for Fedora 20 32-bit.

tags | exploit, overflow, local, root, proof of concept
systems | linux, unix, fedora
advisories | CVE-2014-5119
SHA-256 | 330176e29f7a995ed48f5d0fc2ba71392f2e4a5144f7fae13882ef998e79a6d1
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close