An out-of-buffer-bounds write flaw was found in the way the readdir_r function in glibc, the GNU C Library, handled a directory entry whose file name contained more bytes than the NAME_MAX characters constant indicated. An attacker could provide a specially-crafted (local) NTFS or (remote) CIFS file system that, when processed in an application using the readdir_r() function, would cause that application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Upstream bug report: [1] http://sourceware.org/bugzilla/show_bug.cgi?id=14699
Latest patch proposal: [2] http://sourceware.org/ml/libc-alpha/2013-05/msg00445.html
This issue affects the (latest) versions of the glibc package, as shipped with Fedora releases 18 and 19. Please schedule an update.
Created glibc tracking bugs for this issue: Affects: fedora-all [bug 995841]
CVE Request: http://www.openwall.com/lists/oss-security/2013/08/11/2
This was assigned CVE-2013-4237: http://www.openwall.com/lists/oss-security/2013/08/12/8
Patch pushed upstream: http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=91ce40854d0b7f865cf5024ef95a8026b76096f3
glibc-2.17-13.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
Mitigation: Do not open untrusted filesystem image files on production systems.
Statement: This issue affects the versions of glibc as shipped with Red Hat Enterprise Linux 5. This issue is not planned to be fixed in Red Hat Enterprise Linux 5 as it is now in Production 3 Phase of the support and maintenance life cycle, https://access.redhat.com/support/policy/updates/errata/
IssueDescription: An out-of-bounds write flaw was found in the way glibc's readdir_r() function handled file system entries longer than the NAME_MAX character constant. An attacker could provide a specially crafted NTFS or CIFS file system that, when processed by an application using readdir_r(), would cause that application to crash or, potentially, allow the attacker to execute arbitrary code with the privileges of the user running the application.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2014:1391 https://rhn.redhat.com/errata/RHSA-2014-1391.html