Glibc File Globbing Heap Corruption Vulnerability

The GNU C library ('glibc') includes support for functionality known as file globbing. File globbing allows for lists of files to be created based on search patterns that include wildcards (for example : '*') and other metacharacters.

This implementation contains a vulnerability which may allow for the execution of arbitrary code by an application that uses glibc file globbing. The vulnerability is related to a failure to properly handle strings that end with the '{' character.

It is reportedly possible for attackers to submit input to the globbing functions that eventually causes free() to be called on memory they control. This situation can be exploited to overwrite a word in memory with an arbitrary value.

Attackers may overwrite function pointers or return addresses to force execution of arbitrary instructions.


Privacy Statement
Copyright 2010, SecurityFocus