GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2014/Dec/77 | Exploit Mailing List Third Party Advisory |
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html | Third Party Advisory |
Configurations
History
14 May 2021, 19:57
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html - Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2014/Dec/77 - Exploit, Mailing List, Third Party Advisory |
Information
Published : 2014-12-19 15:59
Updated : 2023-12-10 11:31
NVD link : CVE-2014-7208
Mitre link : CVE-2014-7208
CVE.ORG link : CVE-2014-7208
JSON object : View
Products Affected
gparted
- gparted
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')