Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2014-7817
Description:The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
Test IDs: 1.3.6.1.4.1.25623.1.0.882090   1.3.6.1.4.1.25623.1.0.703142   1.3.6.1.4.1.25623.1.0.871301   1.3.6.1.4.1.25623.1.0.105372   1.3.6.1.4.1.25623.1.0.123217   1.3.6.1.4.1.25623.1.1.4.2015.0551.1   1.3.6.1.4.1.25623.1.1.4.2015.0439.1   1.3.6.1.4.1.25623.1.1.4.2015.0550.1  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2014-7817
BugTraq ID: 71216
http://www.securityfocus.com/bid/71216
Debian Security Information: DSA-3142 (Google Search)
http://www.debian.org/security/2015/dsa-3142
https://security.gentoo.org/glsa/201602-02
https://sourceware.org/ml/libc-alpha/2014-11/msg00519.html
http://seclists.org/oss-sec/2014/q4/730
RedHat Security Advisories: RHSA-2014:2023
http://rhn.redhat.com/errata/RHSA-2014-2023.html
http://secunia.com/advisories/62100
http://secunia.com/advisories/62146
SuSE Security Announcement: openSUSE-SU-2015:0351 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-02/msg00089.html
http://www.ubuntu.com/usn/USN-2432-1
XForce ISS Database: gnu-glibc-cve20147817-command-exec(98852)
https://exchange.xforce.ibmcloud.com/vulnerabilities/98852




© 1998-2021 E-Soft Inc. All rights reserved.