PT-2014-9112 · Gnu+5 · Glibc+5

Published

1970-01-01

·

Updated

2024-06-15

·

CVE-2014-0475

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions glibc versions prior to 2.20
Description The issue concerns multiple vulnerabilities in the GNU C Library (glibc) that can lead to the bypass of ForceCommand restrictions, potentially resulting in unauthorized access to sensitive information. These vulnerabilities can be exploited remotely. The exploitation may involve the use of locale environment variables such as LC *, LANG, and others, where an attacker could use a .. (dot dot) to traverse directories. This could have unspecified impacts on the system's security.
Recommendations For glibc versions prior to 2.20, update to version 2.20 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive directories and limiting the use of locale environment variables to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

ALT-PU-2015-2084
BDU:2015-05856
BDU:2015-05857
BDU:2015-05858
BDU:2015-05859
BDU:2015-05860
BDU:2015-05861
BDU:2015-05862
BDU:2015-05863
BDU:2015-05864
BDU:2015-05865
BDU:2015-05866
BDU:2015-05867
BDU:2015-05868
BDU:2015-05869
BDU:2015-05870
BDU:2015-05871
BDU:2015-05872
BDU:2015-05873
BDU:2015-05874
BDU:2015-05875
BDU:2015-05876
BDU:2015-05877
BDU:2015-05878
BDU:2015-05879
BDU:2015-05880
BDU:2015-05881
BDU:2015-05882
BDU:2015-05883
BDU:2015-05884
BDU:2015-05885
BDU:2015-05886
CESA-2014_1110
CVE-2014-0475
DLA-43-1
DSA-2976-1
MGASA-2014-0314
OPENSUSE-SU-2014_1115-1
OPENSUSE-SU-2024:10154-1
RHSA-2014:1110
RHSA-2014_1110
SUSE-RU-2015:0794-1
SUSE-SU-2014_1027-1
SUSE-SU-2015:0253-1
SUSE-SU-2015:0439-1
USN-2306-1

Affected Products

Alt Linux
Centos
Red Hat
Suse
Ubuntu
Glibc