Red Hat Bugzilla – Bug 995839
CVE-2013-4237 glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters
Last modified: 2015-10-15 13:56:32 EDT
An out-of-bounds buffer write flaw was found in the way the readdir_r function in glibc, the GNU C Library, handled a directory entry whose file name contained more bytes than the NAME_MAX characters constant indicated. An attacker could provide a specially-crafted (local) NTFS or (remote) CIFS file system that, when processed in an application using the readdir_r() function, would cause that application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Upstream bug report:
Latest patch proposal:
This issue affects the (latest) versions of the glibc package, as shipped with Fedora releases 18 and 19. Please schedule an update.
Created glibc tracking bugs for this issue:
Affects: fedora-all [bug 995841]
This was assigned CVE-2013-4237:
patch pushed upstream:
glibc-2.17-13.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
Do not open untrusted filesystem image files on production systems.
This issue affects the versions of glibc as shipped with Red Hat Enterprise Linux 5. This issue is not planned to be fixed in Red Hat Enterprise Linux 5 as it is now in Production 3 Phase of the support and maintenance life cycle, https://access.redhat.com/support/policy/updates/errata/
An out-of-bounds write flaw was found in the way glibc's readdir_r() function handled file system entries longer than the NAME_MAX character constant. An attacker could provide a specially crafted NTFS or CIFS file system that, when processed by an application using readdir_r(), would cause that application to crash or, potentially, allow the attacker to execute arbitrary code with the privileges of the user running the application.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2014:1391 https://rhn.redhat.com/errata/RHSA-2014-1391.html
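A caller-side defensive pattern for the condition described in this bug, as an added example that is not taken from the bug report or from glibc: iterate with readdir() instead of handing readdir_r() a fixed-size buffer, and reject any entry name longer than NAME_MAX before copying it. The helper names `copy_entry_name` and `list_dir_checked` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Copy one entry name into a caller buffer only if it fits.
 * Returns 0 on success, -1 if the name exceeds NAME_MAX or dstsz. */
int copy_entry_name(char *dst, size_t dstsz, const char *name)
{
    /* Bounded scan: do not assume the file system kept to NAME_MAX. */
    size_t len = strnlen(name, NAME_MAX + 1);
    if (len > NAME_MAX || len >= dstsz)
        return -1;
    memcpy(dst, name, len);
    dst[len] = '\0';
    return 0;
}

/* Walk a directory with readdir(), whose result points at storage owned
 * by the directory stream rather than at a caller-sized struct dirent.
 * Returns the number of accepted names, or -1 if the directory cannot
 * be opened; *rejected counts names longer than NAME_MAX. */
long list_dir_checked(const char *path, long *rejected)
{
    char name[NAME_MAX + 1];
    long accepted = 0;
    struct dirent *e;
    DIR *d = opendir(path);

    *rejected = 0;
    if (d == NULL)
        return -1;
    while ((e = readdir(d)) != NULL) {
        if (copy_entry_name(name, sizeof name, e->d_name) == 0)
            accepted++;
        else
            (*rejected)++;   /* over-long name: skip it, do not copy */
    }
    closedir(d);
    return accepted;
}

int main(int argc, char **argv)
{
    long rejected, n = list_dir_checked(argc > 1 ? argv[1] : ".", &rejected);
    printf("accepted=%ld rejected=%ld\n", n, rejected);
    return n < 0;
}
```

A non-zero rejected count on a mounted NTFS or CIFS share indicates entries that would not have fit a NAME_MAX-sized buffer.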