oss-sec mailing list archives
Re: parse_datetime() bug in coreutils
From: cve-assign () mitre org
Date: Sat, 3 Jan 2015 17:19:16 -0500 (EST)
On Mon, 29 Dec 2014, Moritz M??hlenhoff wrote:
On Mon, Nov 24, 2014 at 06:47:24PM -0800, Seth Arnold wrote:Hello, Fiedler Roman discovered that coreutils' parse_datetime() function has some flaws that may be exploitable if the date(1), touch(1), or potentially other programs, accept untrusted input for certain parameters. While researching this issue, he discovered that it was independantly discovered by Bertrand Jacquin and reported at http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872 $ touch '--date=TZ="123"345" @1' Segmentation fault (core dumped) $ date '--date=TZ="123"345" @1' *** Error in `date': double free or corruption (out): 0x00007fffc9866c20 *** Aborted (core dumped) $ The GNU bugtracker has this patch to fix the problem: http://debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872 and this patch to include the fix in coreutils and a small test case: http://debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872 Can a CVE please be assigned for this issue.
Use CVE-2014-9471. --- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Current thread:
- Re: parse_datetime() bug in coreutils cve-assign (Jan 03)