Launchpad.net

CVE 2014-7817

The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".

Related bugs and status

CVE-2014-7817 (Candidate) is related to these bugs:

Bug #1396471: glibc vulnerability CVE-2014-7817

		In	Importance	Status
1396471	glibc vulnerability CVE-2014-7817	eglibc (Ubuntu)	Undecided	Invalid
1396471	glibc vulnerability CVE-2014-7817	eglibc (Ubuntu Vivid)	Undecided	Invalid
1396471	glibc vulnerability CVE-2014-7817	eglibc (Ubuntu Lucid)	Medium	Fix Released
1396471	glibc vulnerability CVE-2014-7817	eglibc (Ubuntu Precise)	Medium	Fix Released
1396471	glibc vulnerability CVE-2014-7817	eglibc (Ubuntu Trusty)	Medium	Fix Released
1396471	glibc vulnerability CVE-2014-7817	eglibc (Ubuntu Utopic)	Undecided	Invalid
1396471	glibc vulnerability CVE-2014-7817	glibc (Ubuntu)	Medium	Fix Released
1396471	glibc vulnerability CVE-2014-7817	glibc (Ubuntu Lucid)	Undecided	Invalid
1396471	glibc vulnerability CVE-2014-7817	glibc (Ubuntu Precise)	Undecided	Invalid
1396471	glibc vulnerability CVE-2014-7817	glibc (Ubuntu Trusty)	Undecided	Invalid
1396471	glibc vulnerability CVE-2014-7817	glibc (Ubuntu Utopic)	Medium	Fix Released
1396471	glibc vulnerability CVE-2014-7817	glibc (Ubuntu Vivid)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-7817

Related bugs and status

Related bugs

References