Vigil@nce - glibc: denial of service via iconv and IBM93x
September 2014 by Marc Jacob
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can provide special IBM933, IBM935, IBM937, IBM939 or
IBM1364 data to an application linked to the glibc and using
iconv(), in order to trigger a denial of service.
Impacted products: Unix (platform)
Severity: 1/4
Creation date: 02/09/2014
DESCRIPTION OF THE VULNERABILITY
The iconv() function of the glibc library converts the character
encoding of a string.
The IBM933, IBM935, IBM937, IBM939 and IBM1364 encodings use the
0xffff value as a special marker. However, this case is not
handled in the iconvdata/ibmxxx.c files, so the iconv() function
reads at an invalid memory address.
An attacker can therefore provide special IBM933, IBM935, IBM937,
IBM939 or IBM1364 data to an application linked to the glibc and
using iconv(), in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/glibc-denial-of-service-via-iconv-and-IBM93x-15252