CVE-2014-0475

MEDIUM

Description

Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.

References

http://linux.oracle.com/errata/ELSA-2015-0092.html

http://www.debian.org/security/2014/dsa-2976

http://www.mandriva.com/security/advisories?name=MDVSA-2014:152

http://www.openwall.com/lists/oss-security/2014/07/10/7

http://www.openwall.com/lists/oss-security/2014/07/14/6

http://www.securityfocus.com/bid/68505

http://www.securitytracker.com/id/1030569

https://rhn.redhat.com/errata/RHSA-2014-1110.html

https://security.gentoo.org/glsa/201602-02

https://sourceware.org/bugzilla/show_bug.cgi?id=17137

Details

Source: MITRE

Published: 2014-07-29

Updated: 2016-11-28

Type: CWE-22

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

cpe:2.3:a:gnu:glibc:2.0:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.1.9:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.10.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.11:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.11.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.11.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.11.3:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.12:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.12.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.12.2:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.13:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.14:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.14.1:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.16:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.17:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:2.18:*:*:*:*:*:*:*

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* versions up to 2.19 (inclusive)

Tenable Plugins

View all (26 total)

ID	Name	Product	Family	Severity
125005	EulerOS Virtualization 3.0.1.0 : glibc (EulerOS-SA-2019-1552)	Nessus	Huawei Local Security Checks	high
88822	GLSA-201602-02 : GNU C Library: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
83705	SUSE SLES11 Security Update : glibc (SUSE-SU-2015:0551-1)	Nessus	SuSE Local Security Checks	high
83704	SUSE SLES10 Security Update : glibc (SUSE-SU-2015:0550-1)	Nessus	SuSE Local Security Checks	high
82421	Mandriva Linux Security Advisory : glibc (MDVSA-2015:168)	Nessus	Mandriva Local Security Checks	high
82190	Debian DLA-43-1 : eglibc security update	Nessus	Debian Local Security Checks	high
81119	OracleVM 2.2 : glibc (OVMSA-2015-0024) (GHOST)	Nessus	OracleVM Local Security Checks	high
81118	OracleVM 3.2 : glibc (OVMSA-2015-0023) (GHOST)	Nessus	OracleVM Local Security Checks	high
79548	OracleVM 3.3 : glibc (OVMSA-2014-0033)	Nessus	OracleVM Local Security Checks	high
79539	OracleVM 3.3 : glibc (OVMSA-2014-0017)	Nessus	OracleVM Local Security Checks	high
78656	Slackware 14.1 / current : glibc (SSA:2014-296-01)	Nessus	Slackware Local Security Checks	high
78583	Fedora 19 : glibc-2.17-21.fc19 (2014-9830)	Nessus	Fedora Local Security Checks	high
78343	Amazon Linux AMI : glibc (ALAS-2014-400)	Nessus	Amazon Linux Local Security Checks	medium
77659	openSUSE Security Update : glibc (openSUSE-SU-2014:1115-1)	Nessus	SuSE Local Security Checks	high
77568	Ubuntu 10.04 LTS : eglibc regression (USN-2306-3)	Nessus	Ubuntu Local Security Checks	high
77465	Scientific Linux Security Update : glibc on SL5.x, SL6.x i386/x86_64 (20140829)	Nessus	Scientific Linux Local Security Checks	high
77464	RHEL 5 / 6 / 7 : glibc (RHSA-2014:1110)	Nessus	Red Hat Local Security Checks	high
77463	Oracle Linux 5 / 6 / 7 : glibc (ELSA-2014-1110)	Nessus	Oracle Linux Local Security Checks	high
77439	CentOS 5 / 6 / 7 : glibc (CESA-2014:1110)	Nessus	CentOS Local Security Checks	high
77436	Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : eglibc vulnerability (USN-2328-1)	Nessus	Ubuntu Local Security Checks	high
77430	Fedora 20 : glibc-2.18-14.fc20 (2014-9824)	Nessus	Fedora Local Security Checks	high
77229	SuSE 11.3 Security Update : glibc (SAT Patch Number 9587)	Nessus	SuSE Local Security Checks	medium
77040	Mandriva Linux Security Advisory : glibc (MDVSA-2014:152)	Nessus	Mandriva Local Security Checks	high
77019	Ubuntu 10.04 LTS : eglibc regression (USN-2306-2)	Nessus	Ubuntu Local Security Checks	high
76999	Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : eglibc vulnerabilities (USN-2306-1)	Nessus	Ubuntu Local Security Checks	high
76465	Debian DSA-2976-1 : eglibc - security update	Nessus	Debian Local Security Checks	medium