oss-sec mailing list archives
CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified
From: Francisco Alonso <falonsoe () redhat com>
Date: Thu, 20 Nov 2014 11:38:20 -0500 (EST)
Hello, It was discovered that the wordexp() function could ignore the WRDE_NOCMD flag under certain input conditions resulting in the execution of a shell for command substitution when the applicaiton did not request it. Bug report: https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2014-7817 Git commit: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a39208bd7fb76c1b01c127b4c61f9bfd915bfe7c References: https://bugzilla.redhat.com/show_bug.cgi?id=1157689 https://sourceware.org/ml/libc-alpha/2014-11/msg00519.html Francisco Alonso / Red Hat Product Security PGP: 0xA026440E 0825 020C 7A5A 4F86 9038 B1C8 5562 688F A026 440E
Current thread:
- CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified Francisco Alonso (Nov 20)
- Re: CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified mancha (Nov 20)
- RE: CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified Mehaffey, John (Nov 20)
- Re: CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified Vasyl Kaigorodov (Nov 21)
- Re: CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified Marcus Meissner (Nov 21)
- RE: CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified Mehaffey, John (Nov 20)
- Re: CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified mancha (Nov 20)