Published: 29/07/2014 Updated: 28/11/2016

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) prior to 2.20 allow context-dependent malicious users to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu glibc 2.1.1.6
gnu glibc 2.1.2
gnu glibc 2.1.3
gnu glibc 2.12
gnu glibc 2.12.1
gnu glibc 2.17
gnu glibc 2.18
gnu glibc 2.0.6
gnu glibc
gnu glibc 2.11
gnu glibc 2.11.1
gnu glibc 2.14
gnu glibc 2.14.1
gnu glibc 2.0.2
gnu glibc 2.0.3
gnu glibc 2.1.9
gnu glibc 2.10.1
gnu glibc 2.12.2
gnu glibc 2.13
gnu glibc 2.0
gnu glibc 2.0.1
gnu glibc 2.1
gnu glibc 2.1.1
gnu glibc 2.11.2
gnu glibc 2.11.3
gnu glibc 2.15
gnu glibc 2.16
gnu glibc 2.0.4
gnu glibc 2.0.5

Debian Bug report logs - #722075 libc6: getaddrinfo() sends DNS queries to random file descriptors (CVE-2013-7423) Package: libc6; Maintainer for libc6 is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Source for libc6 is src:glibc (PTS, buildd, popcon) Reported by: Arnaud Le Blanc <arnaudlb@gmailcom> Date: ...

Debian Bug report logs - #775572 glibc: CVE-2014-7817 CVE-2014-9402 Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Sat, 17 Jan 2015 14:42:02 UTC Severity: important Tags: security Found in version glibc/219 ...

Debian Bug report logs - #681888 CVE-2012-3406: glibc formatted printing vulnerabilities Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@listsdebianorg>; Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Fri, 13 Jul 2012 13:42:15 UTC Severity: important Tags: secur ...

USN-2306-1 introduced a regression in the GNU C Library ...

Several security issues were fixed in the GNU C Library ...

Certain applications could be made to crash or run programs as an administrator ...

A directory traveral flaw was found in the way glibc loaded locale files An attacker able to make an application use a specially crafted locale name value (for example, specified in an LC_* environment variable) could possibly use this flaw to execute arbitrary code with the privileges of that application ...

CWE-22 http://www.securitytracker.com/id/1030569 http://www.openwall.com/lists/oss-security/2014/07/10/7 https://sourceware.org/bugzilla/show_bug.cgi?id=17137 http://www.debian.org/security/2014/dsa-2976 http://www.openwall.com/lists/oss-security/2014/07/14/6 http://www.mandriva.com/security/advisories?name=MDVSA-2014:152 https://rhn.redhat.com/errata/RHSA-2014-1110.html http://linux.oracle.com/errata/ELSA-2015-0092.html https://security.gentoo.org/glsa/201602-02 http://www.securityfocus.com/bid/68505 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722075 https://usn.ubuntu.com/2306-3/https://access.redhat.com/security/cve/cve-2014-0475

CVE-2014-0475

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect