oss-sec mailing list archives
Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 10 Jul 2014 21:23:48 +0200
* Rich Felker:
Am I correct in assuming this affects most typical git setups (e.g. gitolite) using ssh authorized_keys files with forced commands, where the malicious file could simply be created as part of the git repository?
Probably, especially if there is a checkout of the repository in the file system under a predictable path. (I expect that most hosted repositories use the bare format.) I don't know how common this is with the existing Git hosting frameworks. Some of them don't use OpenSSH and may not implement environment variable processing at all.
Or are these usually setup to filter the environment?
It seems fairly likely because unexpected, but benign locale settings would interfere with the hook script processing (which likely assume U.S. date formats and UTF-8).
Current thread:
- CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Rich Felker (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Solar Designer (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Daniel Kahn Gillmor (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Solar Designer (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Rich Felker (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Tavis Ormandy (Jul 10)
- Re: Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Rich Felker (Jul 10)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Stephane Chazelas (Jul 21)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Stephane Chazelas (Jul 21)
- Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling Florian Weimer (Jul 14)