Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: glibc locale escaping issue
From: Josh Bressers <bressers () redhat com>
Date: Tue, 8 Mar 2011 16:24:48 -0500 (EST)



----- Original Message -----
Hi!

Following glibc upstream and gentoo bug reports describe a bug in the
way locale command escapes its output.

http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904
http://bugs.gentoo.org/show_bug.cgi?id=330923

Gentoo bug points out possible security implications. I've not managed to
find an example where the locale command is used in a problematic way and
where this may cross trust boundaries, so I wonder if this is worth
handling as security fix vs. security enhancement. Comments are welcome.

The issue was fixed in GLSA 201011-01, but its text really only mentions
Tavis' issues.


I think this deserves an ID: CVE-2011-1095

The documentation clearly states that the output of this command will be
properly quoted. Even if we can't find a bad usage, there is quite likely a
shell script doing this in the universe.

I think the line between fix vs enhancement is crossed when we're talking
about documented behavior.

Thanks.

-- 
    JB


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault