CVE-2014-7817

Published: 24 November 2014

The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
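
Added example (not part of this advisory or of glibc): a C wrapper that refuses command-substitution syntax before calling wordexp, so that expansion of untrusted input does not depend on the libc enforcing WRDE_NOCMD, plus a self-check of the running libc using the "$((`...`))" form above. The names has_cmd_subst, safe_wordexp, libc_enforces_nocmd and expanded_words are hypothetical, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <wordexp.h>

/* Conservative pre-filter: any backtick or "$(" is refused. That includes
 * plain arithmetic "$((1+2))", the safe direction for untrusted input. */
static int has_cmd_subst(const char *s)
{
    for (; *s; s++)
        if (*s == '`' || (s[0] == '$' && s[1] == '('))
            return 1;
    return 0;
}

/* Hypothetical wrapper: 0 on success (caller must wordfree(out)),
 * WRDE_CMDSUB if refused, or another wordexp() error code. */
int safe_wordexp(const char *input, wordexp_t *out)
{
    if (has_cmd_subst(input))
        return WRDE_CMDSUB;                 /* never reaches the libc parser */
    return wordexp(input, out, WRDE_NOCMD); /* flag stays as a second layer */
}

/* Self-check of the running libc with the advisory's "$((`...`))" form and a
 * harmless constructed command. Returns 1 if WRDE_NOCMD is enforced. */
int libc_enforces_nocmd(void)
{
    wordexp_t we;
    int rc = wordexp("$((`echo 1`))", &we, WRDE_NOCMD);
    if (rc == 0)
        wordfree(&we);                      /* expansion ran: flag ignored */
    return rc == WRDE_CMDSUB;
}

/* Words safe_wordexp() yields for input, or -1 if refused or failed. */
long expanded_words(const char *input)
{
    wordexp_t we;
    if (safe_wordexp(input, &we) != 0)
        return -1;
    long n = (long)we.we_wordc;
    wordfree(&we);
    return n;
}

int main(void)
{
    printf("WRDE_NOCMD enforced: %d\n", libc_enforces_nocmd());
    printf("words: %ld, refused: %ld\n", expanded_words("alpha beta"), expanded_words("$((`echo 1`))"));
    return 0;
}
```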

Priority

Medium

Status

Package   Release    Status
eglibc    lucid      Released (2.11.1-0ubuntu7.19)
eglibc    precise    Released (2.15-0ubuntu10.9)
eglibc    trusty     Released (2.19-0ubuntu6.4)
eglibc    upstream   Needs triage
eglibc    utopic     Does not exist
glibc     lucid      Does not exist
glibc     precise    Does not exist
glibc     trusty     Does not exist
glibc     upstream   Needs triage
glibc     utopic     Released (2.19-10ubuntu2.1)