Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 480734 (CVE-2013-4237) - <sys-libs/glibc-2.19-r1: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters (CVE-2013-4237)
Summary: <sys-libs/glibc-2.19-r1: Buffer overwrite when using readdir_r on file system...
Alias: CVE-2013-4237
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
Whiteboard: A2 [glsa cleanup]
Depends on: 518364
  Show dependency tree
Reported: 2013-08-12 14:22 UTC by Agostino Sarubbo
Modified: 2015-03-08 14:54 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-08-12 14:22:30 UTC
From ${URL} :

An out-of buffer bounds write flaw was found in the way readdir_r() routine of glibc, the collection of GNU libc libraries, used to handle file system entry when its name 
was longer than NAME_MAX characters constant, defined by Linux kernel (readdir_r() used to put content of the directory read into application's allocated buffer, possibly 
[NTFS or CIFS filesystems for example] leading to application's buffer overwrite]. A remote-attacker could provide a specially-crafted NTFS or CIFS image that, when 
processed in an application using the readdir_r() functionality, would lead to that application crash or, potentially, arbitrary code execution with the privileges of the 
user running the application.

This issue was found by Florian Weimer of Red Hat Product Security Team.

Upstream bug report:

Latest patch proposal:

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Comment 1 Agostino Sarubbo gentoo-dev 2013-08-19 10:36:22 UTC
the commit:;a=commitdiff;h=91ce408
Comment 2 Chris Reffett (RETIRED) gentoo-dev Security 2013-08-27 02:25:22 UTC
Time to bump.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2013-10-15 03:18:54 UTC
CVE-2013-4237 (
  sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) 2.18 and
  earlier allows context-dependent attackers to cause a denial of service
  (out-of-bounds write and crash) or possibly execute arbitrary code via a
  crafted (1) NTFS or (2) CIFS image.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2014-01-23 03:12:34 UTC
Patches available and multiple distributions are updated:
Comment 5 Agostino Sarubbo gentoo-dev 2014-01-26 16:00:50 UTC
(In reply to Yury German from comment #4)
> Patches available and multiple distributions are updated:

This is fixed in 2.19.

2.19 is not out, at this moment says:

The current stable version of glibc is 2.18. See the NEWS file in the glibc sources for more information.

So the tag is upstream/ebuild.
Comment 6 SpanKY gentoo-dev 2014-02-18 19:31:49 UTC
this one is kind of bad since it can be poked by a remote system or trying to read malicious USB sticks.  so i'll prob cherry pick it back to at least 2.18.
Comment 7 SpanKY gentoo-dev 2014-02-18 19:34:24 UTC
actually seems that i've already cherry picked it into glibc-2.18 ;)
Comment 8 Yury German Gentoo Infrastructure gentoo-dev 2014-02-19 03:19:30 UTC
SpanKY please advise when you are ready to stabilize 2.18-r1. From bug history it looks like there are two security bugs that you "Cherri-Picked" in to this release.
Comment 9 Yury German Gentoo Infrastructure gentoo-dev 2015-03-03 03:41:16 UTC
Maintainer(s), please drop the vulnerable version(s).

Added to an existing GLSA Request.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2015-03-08 14:54:03 UTC
This issue was resolved and addressed in
 GLSA 201503-04 at
by GLSA coordinator Kristian Fiskerstrand (K_F).