CVE-2013-4237

Impact:
Moderate
Public Date:
2013-08-11
CWE:
CWE-787
Bugzilla:
995839: CVE-2013-4237 glibc: Buffer overwrite when using readdir_r on file systems returning file names longer than NAME_MAX characters
An out-of-bounds write flaw was found in the way the glibc's readdir_r() function handled file system entries longer than the NAME_MAX character constant. A remote attacker could provide a specially crafted NTFS or CIFS file system that, when processed by an application using readdir_r(), would cause that application to crash or, potentially, allow the attacker to execute arbitrary code with the privileges of the user running the application.

Find out more about CVE-2013-4237 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue affects the versions of glibc as shipped with Red Hat Enterprise Linux 5. This issue is not planned to be fixed in Red Hat Enterprise Linux 5 as it is now in Production 3 Phase of the support and maintenance life cycle, https://access.redhat.com/support/policy/updates/errata/

CVSS v2 metrics

Base Score 6.8
Base Metrics AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (glibc) RHSA-2014:1391 2014-10-13

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 glibc Not affected
Red Hat Enterprise Linux 5 glibc Will not fix

Mitigation

Do not open untrusted filesystem image files on production systems.

Last Modified