oss-sec mailing list archives
Re: CVE-2014-0475: glibc directory traversal in LC_* locale handling
From: Daniel Kahn Gillmor <dkg () fifthhorseman net>
Date: Thu, 10 Jul 2014 15:48:34 -0400
On 07/10/2014 03:41 PM, Solar Designer wrote:
> The default sshd_config found in openssh-6.6p1.tar.gz does not list
> AcceptEnv, so presumably by default OpenSSH portable does not accept any
> environment variables. However, apparently some distros override this
> safe default:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1077843#c6
>
> | Huzaifa S. Sidhpurwala 2014-03-21 02:31:29 EDT
> |
> | The sshd_config file by default contains the following AcceptEnv directives.
> |
> | AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
> | AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
> | AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
> | AcceptEnv XMODIFIERS
Debian also ships a default sshd_config with:

    AcceptEnv LANG LC_*

To be clear: the override is in the default config files, there are no
changes to the sshd binary itself, which still defaults to nothing in
AcceptEnv.

        --dkg
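An added example, not part of this message and not a tool from OpenSSH or any distribution: a POSIX sh audit that lists every AcceptEnv pattern in an sshd_config which would let a client set LANG, LANGUAGE or an LC_* variable (the condition under which the distro overrides discussed above matter), and that prints a copy of the file with those patterns removed, which is the same state as the upstream default with no AcceptEnv at all. The list of locale variable names and the sample config file are constructed for the example; the `Keyword value` directive form is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): audit an sshd_config for AcceptEnv
# directives that admit locale variables, and emit a sanitized copy.
# Assumes directives are written in the usual "Keyword value ..." form.

# Disable pathname expansion so a word such as LC_* stays literal when a
# directive line is split into words below.
set -f

# Locale variables a remote client could set (constructed list, built from
# the Fedora directives quoted in the thread plus Debian's LC_* wildcard).
LOCALE_VARS="LANG LANGUAGE LC_ALL LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE \
LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE \
LC_MEASUREMENT LC_IDENTIFICATION"

# Return 0 if sshd pattern $1 matches at least one locale variable.
# sh case globbing has the same '*' and '?' semantics as sshd patterns.
pattern_admits_locale() {
    for var in $LOCALE_VARS; do
        case "$var" in
            $1) return 0 ;;
        esac
    done
    return 1
}

# Print, one per line, each AcceptEnv pattern in config file $1 that admits
# a locale variable. Comment lines are skipped; the keyword is matched
# case-insensitively as sshd does. Directives inside Match blocks are
# reported too, which errs on the side of flagging.
accepted_locale_patterns() {
    cfg=$1
    while read -r key rest; do
        case "$key" in
            [Aa][Cc][Cc][Ee][Pp][Tt][Ee][Nn][Vv]) ;;
            *) continue ;;
        esac
        for pat in $rest; do
            if pattern_admits_locale "$pat"; then
                printf '%s\n' "$pat"
            fi
        done
    done < "$cfg"
}

# Write config file $1 to stdout with locale-admitting patterns removed from
# AcceptEnv lines. An AcceptEnv line left with no patterns is dropped, so the
# result falls back to the upstream default of accepting nothing.
strip_locale_acceptenv() {
    cfg=$1
    while IFS= read -r line; do
        set -- $line
        case "${1:-}" in
            [Aa][Cc][Cc][Ee][Pp][Tt][Ee][Nn][Vv]) ;;
            *) printf '%s\n' "$line"; continue ;;
        esac
        key=$1; shift
        keep=""
        for pat in "$@"; do
            pattern_admits_locale "$pat" || keep="$keep $pat"
        done
        if [ -n "$keep" ]; then
            printf '%s%s\n' "$key" "$keep"
        fi
    done < "$cfg"
}

# Demonstration on a constructed config resembling the distro defaults
# quoted in the thread (not a real distribution file).
demo_dir=$(mktemp -d)
cat > "$demo_dir/sshd_config" <<'EOF'
# constructed sample sshd_config
Port 22
AcceptEnv LANG LC_*
AcceptEnv XMODIFIERS
EOF
echo "== AcceptEnv patterns that admit locale variables =="
accepted_locale_patterns "$demo_dir/sshd_config"
echo "== sanitized config =="
strip_locale_acceptenv "$demo_dir/sshd_config"
rm -rf "$demo_dir"
```

Run it against `/etc/ssh/sshd_config`; any pattern printed by `accepted_locale_patterns` means a client can choose the locale that glibc will load in the login session, which is the exposure the thread is about. Removing the patterns (or the whole AcceptEnv line) and reloading sshd restores the upstream behaviour the message describes.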