Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2014-5119

Disclosure Date: August 29, 2014
CVE-2014-5119
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2014-5119 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5119)
BID-69738 (http://www.securityfocus.com/bid/69738)
BID-68983 (http://www.securityfocus.com/bid/68983)
Advisory
SECUNIA-60441 (http://secunia.com/advisories/60441)
[oss-security] 20170713 Re: [CVE Request] glibc iconv_open buffer overflow (was: Re: Re: glibc locale issues) (http://www.openwall.com/lists/oss-security/2014/08/13/5)
http://rhn.redhat.com/errata/RHSA-2014-1118.html
https://rhn.redhat.com/errata/RHSA-2014-1110.html
http://www-01.ibm.com/support/docview.wss?uid=swg21685604
SECUNIA-60345 (http://secunia.com/advisories/60345)
SECUNIA-61093 (http://secunia.com/advisories/61093)
GLSA-201602-02 (https://security.gentoo.org/glsa/201602-02)
http://www.mandriva.com/security/advisories?name=MDVSA-2014:175
[oss-security] 20170713 glibc locale issues (http://www.openwall.com/lists/oss-security/2014/07/14/1)
https://sourceware.org/bugzilla/show_bug.cgi?id=17187
20140826 CVE-2014-5119 glibc __gconv_translit_find() exploit (http://seclists.org/fulldisclosure/2014/Aug/69)
DSA-3012 (http://www.debian.org/security/2014/dsa-3012)
SECUNIA-61074 (http://secunia.com/advisories/61074)
20140910 Cisco Unified Communications Manager glibc Arbitrary Code Execution Vulnerability (http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-5119)
http://linux.oracle.com/errata/ELSA-2015-0092.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00017.html
SECUNIA-60358 (http://secunia.com/advisories/60358)
Miscellaneous
http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
https://code.google.com/p/google-security-research/issues/detail?id=96
https://access.redhat.com/errata/RHSA-2014:1110
https://access.redhat.com/errata/RHSA-2014:1118
https://access.redhat.com/security/cve/CVE-2014-5119
https://bugzilla.redhat.com/show_bug.cgi?id=1119128

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis