For informational purposes: this bug has been assigned a CVE On 01/03/2015 03:19 PM, [email protected] wrote: > > On Mon, 29 Dec 2014, Moritz Mühlenhoff wrote: > >> On Mon, Nov 24, 2014 at 06:47:24PM -0800, Seth Arnold wrote: >>> Hello, >>> >>> Fiedler Roman discovered that coreutils' parse_datetime() function >>> has some flaws that may be exploitable if the date(1), touch(1), >>> or potentially other programs, accept untrusted input for certain >>> parameters. While researching this issue, he discovered that it >>> was independantly discovered by Bertrand Jacquin and reported at >>> http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872 >>> >>> $ touch '--date=TZ="123"345" @1' >>> Segmentation fault (core dumped) >>> $ date '--date=TZ="123"345" @1' >>> *** Error in `date': double free or corruption (out): >>> 0x00007fffc9866c20 *** >>> Aborted (core dumped) >>> $ >>> >>> The GNU bugtracker has this patch to fix the problem: >>> http://debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872 >>> >>> and this patch to include the fix in coreutils and a small test case: >>> http://debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872 >>> >>> >>> Can a CVE please be assigned for this issue. > > Use CVE-2014-9471. > > --- > > CVE assignment team, MITRE CVE Numbering Authority M/S M300 > 202 Burlington Road, Bedford, MA 01730 USA > [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
